The reason behind my original proposal of a system that could use PGP keyrings is thus: let's say that I want to call you. I tell my cryptophone to call "Phil Karn", so it looks up your public key and uses it to encrypt my side's session key, then signs the encrypted version with my public key.
You're creating an unnecessary vulnerability here. By using RSA to encrypt the session key, all of your past conversations would be compromised if your RSA secret key were ever revealed.

True, this is already the case for PGP-encrypted messages which are usually sent over unidirectional mail channels. There you can't really do much better. Voice calls are different, as the availability of a two-way path lets you do things much more securely.

If you generate a session key with DH and use PGP/RSA *only to sign the exchanges*, not to encrypt the session key, then even if your RSA secret key is later compromised, it would not compromise those session keys that had already been created, used and destroyed.

This is a very powerful feature! Consider the profound effect it would have on the whole topic of "rubber hose cryptanalysis", either in its pure unadulterated form (blackmail, torture, death threats) or in its "legal" form (being compelled to divulge an encryption key that could be used against you, despite the 5th amendment). Session keys could be created, authenticated, used and destroyed without the user ever having to know them, or even having any way to recreate them after the fact despite knowledge of the RSA secret key that was used to authenticate them.

Phil
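The two designs contrasted in the reply above, side by side, as an added example that is not part of the original message: RSA key transport, where a recorded ciphertext plus a later-leaked RSA secret key yields the session key, and ephemeral DH, where RSA only signs the exchanged values. All function names are hypothetical, and the parameters are constructed toy values (Mersenne primes, unpadded RSA) chosen so the block runs with the standard library only.

```python
import hashlib, secrets

# Constructed toy parameters: Mersenne primes, unpadded RSA, stdlib only.
# NOT secure; they exist so the comparison below runs offline.
E = 65537
DH_P, DH_G, DH_LEN = 2**2281 - 1, 3, 286

def rsa_keypair(p, q):
    """Return (n, d) for a long-term RSA key built from primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):
    return pow(digest_int(data), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest_int(data)

# Design 1: caller picks the session key and RSA-encrypts it to the callee.
def transport_send(callee_n):
    key = secrets.randbits(128)
    return key, pow(key, E, callee_n)      # the ciphertext is what a tap records

def transport_recover(recorded_ct, callee_n, leaked_d):
    return pow(recorded_ct, leaked_d, callee_n)

# Design 2: ephemeral DH; RSA only signs the public DH values.
# (A full protocol would also sign the peer's value or a nonce to stop replay.)
def dh_offer(n, d):
    x = secrets.randbelow(DH_P - 3) + 2    # ephemeral secret, never stored
    pub = pow(DH_G, x, DH_P)
    return x, pub, sign(pub.to_bytes(DH_LEN, "big"), n, d)

def dh_finish(x, peer_pub, peer_sig, peer_n):
    if not verify(peer_pub.to_bytes(DH_LEN, "big"), peer_sig, peer_n):
        raise ValueError("DH value not signed by the expected key")
    shared = pow(peer_pub, x, DH_P)
    return hashlib.sha256(shared.to_bytes(DH_LEN, "big")).digest()

def signed_dh_call(a_key, b_key):
    """Run one call; return both session keys and the wire transcript."""
    xa, pa, sa = dh_offer(*a_key)
    xb, pb, sb = dh_offer(*b_key)
    ka = dh_finish(xa, pb, sb, b_key[0])
    kb = dh_finish(xb, pa, sa, a_key[0])
    del xa, xb                             # destroyed with the call
    return ka, kb, (pa, sa, pb, sb)

ALICE = rsa_keypair(2**521 - 1, 2**607 - 1)
BOB = rsa_keypair(2**1279 - 1, 2**2203 - 1)
```

The signed-DH transcript holds only public values and signatures, so a leaked `d` lets someone forge future signatures but gives no way to rebuild a key from a finished call.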