* loadLog should verify the hashes (and signatures) in the log, and
  refuse to use logs that are not valid proofs of a session.
* Encryption!
* Add random nonce to start message, to avoid replay issues.
  (Or perhaps the encryption derives a RSA key in a way that avoids
  replay..)
* Network!
* Server!
* gpg key downloading, web of trust checking, prompting
  Alternatively, let debug-me be started with a gpg key,
  this way a project's website can instruct their users to
  "run debug-me --trust-gpg-key=whatever"