diff --git a/doc/ChangeLog b/doc/ChangeLog
index 39509b40a..4f7ea6c81 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,8 @@
+2004-02-25  David Shaw  <dshaw@jabberwocky.com>
+
+	* gpg.sgml: Document --ask-cert-level, --max-output, and
+	--default-cert-level.
+
 2004-02-09  David Shaw  <dshaw@jabberwocky.com>
 
 	* gpg.sgml: Clarify -u/--local-user and --default-key.
diff --git a/doc/gpg.sgml b/doc/gpg.sgml
index 851c7bb4e..cb08dfa44 100644
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@@ -256,12 +256,12 @@ Same as --list-keys, but the signatures are listed too.
 For each signature listed, there are several flags in between the
 "sig" tag and keyid.  These flags give additional information about
 each signature.  From left to right, they are the numbers 1-3 for
-certificate check level (see --default-cert-check-level), "L" for a
-local or non-exportable signature (see --lsign-key), "R" for a
-nonRevocable signature (see --nrsign-key), "P" for a signature that
-contains a policy URL (see --cert-policy-url), "N" for a signature
-that contains a notation (see --cert-notation), and "X" for an eXpired
-signature (see --ask-cert-expire).
+certificate check level (see --ask-cert-level), "L" for a local or
+non-exportable signature (see --lsign-key), "R" for a nonRevocable
+signature (see --nrsign-key), "P" for a signature that contains a
+policy URL (see --cert-policy-url), "N" for a signature that contains
+a notation (see --cert-notation), and "X" for an eXpired signature
+(see --ask-cert-expire).
 </para></listitem></varlistentry>
 
 
@@ -782,6 +782,19 @@ Create ASCII armored output.
 Write output to &ParmFile;.
 </para></listitem></varlistentry>
 
+<varlistentry>
+<term>--max-output &ParmN;</term>
+<listitem><para>
+This option set a limit on the number of bytes that will be generated
+when processing a file.  Since OpenPGP supports various levels of
+compression, it is possible that the plaintext of a given message may
+be significantly larger than the original OpenPGP message.  While
+GnuPG works properly with such messages, there is often a desire to
+set a maximum file size that will be generated before processing is
+forced to stop by the OS limits.  Defaults to 0, which means "no
+limit".
+</para></listitem></varlistentry>
+
 <varlistentry>
 <term>--mangle-dos-filenames</term>
 <term>--no-mangle-dos-filenames</term>
@@ -947,11 +960,24 @@ Assume "yes" on most questions.
 <varlistentry>
 <term>--no</term>
 <listitem><para>
- Assume "no" on most questions.
+Assume "no" on most questions.
 </para></listitem></varlistentry>
 
+
 <varlistentry>
-<term>--default-cert-check-level &ParmN;</term>
+<term>--ask-cert-level</term>
+<term>--no-ask-cert-level</term>
+<listitem><para>
+When making a key signature, prompt for a certification level.  If
+this option is not specified, the certification level used is set via
+--default-cert-level.  See --default-cert-level for information on the
+specific levels and how they are used. --no-ask-cert-level disables
+this option.  This option defaults to yes.
+</para></listitem></varlistentry>
+
+
+<varlistentry>
+<term>--default-cert-level &ParmN;</term>
 <listitem><para>
 The default to use for the check level when signing a key.
 </para><para>
@@ -979,11 +1005,10 @@ Note that the examples given above for levels 2 and 3 are just that:
 examples.  In the end, it is up to you to decide just what "casual"
 and "extensive" mean to you.
 </para><para>
-This option defaults to 0.
+This option defaults to 0 (no particular claim).
 </para></listitem></varlistentry>
 
 
-
 <varlistentry>
 <term>--trusted-key <parameter>long key ID</parameter></term>
 <listitem><para>