Sometimes a problem appears with publishing information on the Web, when the authenticity of document, especially a widely-distributed one, has to be checked. I am not aware about any mechanism available presently. A trick with HTML (or SGML in general) tag and a comment, a browser plugin (or manual operation over saved source), and a GPG signature over part of the HTML file should do the job, with maintaining full backward compatibility and no problems for the users not using this scheme. It should be possible to make this HTML construction: <HTML> <BODY> blah blah blah blah blah unsigned irrelevant part of the document, eg. headers and sidebars which change with the site design <SIGNED SCHEME="GPG"><!-- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 --!> This is the PGP-signed part of the HTML document. <!-- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.1.91 (MingW32) - GPGrelay v0.893 ihas7Ds9fXLR9ksWRdwNZXNA8SdshwAJ9zwXFDgvdg5G2mqXp5BD4Sx2ZmjwCfSs70 Kj8sQor6i+MUZBmp5pdM1vU= =hIsR -----END PGP SIGNATURE----- --!></SIGNED> the unsigned rest of the HTML document </BODY></HTML> The <SIGNED>...</SIGNED> tags are ignored by browsers that don't know them, and provide leads for eventual browser plugins. The <!-- --> comments are used to hide the signature from the user in standard browsers. The scheme is designed to allow signing only parts of documents, so they could be published in fast-changing environments like blogs or on dynamically generated pages, and to have many different signed parts on one page. It should also allow manual checking of the signature, eg. by curl http://url | gpg --verify Feel free to use the idea if it is good. Opinions, comments?