Sometimes a problem appears with publishing information on the Web, when the authenticity of document, especially a widely-distributed one, has to be checked. I am not aware about any mechanism available presently. A trick with HTML (or SGML in general) tag and a comment, a browser plugin (or manual operation over saved source), and a GPG signature over part of the HTML file should do the job, with maintaining full backward compatibility and no problems for the users not using this scheme. It should be possible to make this HTML construction: <HTML> <BODY> blah blah blah blah blah unsigned irrelevant part of the document, eg. headers and sidebars which change with the site design <SIGNED SCHEME="GPG"> This is the PGP-signed part of the HTML document. </SIGNED> the unsigned rest of the HTML document </BODY></HTML> The <SIGNED>...</SIGNED> tags are ignored by browsers that don't know them, and provide leads for eventual browser plugins. The <!-- --> comments are used to hide the signature from the user in standard browsers. The scheme is designed to allow signing only parts of documents, so they could be published in fast-changing environments like blogs or on dynamically generated pages, and to have many different signed parts on one page. It should also allow manual checking of the signature, eg. by curl http://url | gpg --verify Feel free to use the idea if it is good. Opinions, comments?