There is a problem with images and other inline objects. There is a solution, too. The objects included into the document can get their hash calculated and included in their tag; eg, <IMG SRC="image.jpg" HASH="SHA1:4e1243bd22c66e76c2ba9eddc1f91394e57f9f83"> The tag has to be in the signed part of the document, so the hash can't be tampered with. Full digital signatures should be possible as well, eg. <IMG SRC="image.jpg" SIGNATURE="http://where.is.the/signature.asc"> or <IMG SRC="image.jpg" SIGNATURE="identifier"> some HTML code here <SIGNATURE TYPE="gpg" NAME="identifier"><!-- -----BEGIN PGP SIGNATURE----- Version: GnuPG v0.9.11 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA31UOQaLeriVdUjc0RAjhBAJ4u1k5ex8+ZAtYi737GFXPOiBc51gCfU5+8 is2rD6L/6fIOWttfh5CYUW0= =WOv2 -----END PGP SIGNATURE----- --></SIGNATURE> This way doesn't depend on the part of the document being signed, as the signature can't be effectively tampered with undetected anyway. Same scheme could be used in <A HREF> tags, allowing automated checking of signatures or hashes of downloaded binary files.