There is a problem with images and other inline objects. There is a solution, too. The objects included into the document can get their hash calculated and included in their tag; eg, <IMG SRC="image.jpg" HASH="SHA1:4e1243bd22c66e76c2ba9eddc1f91394e57f9f83"> The tag has to be in the signed part of the document, so the hash can't be tampered with. Full digital signatures should be possible as well, eg. <IMG SRC="image.jpg" SIGNATURE="http://where.is.the/signature.asc"> or <IMG SRC="image.jpg" SIGNATURE="identifier"> some HTML code here <SIGNATURE TYPE="gpg" NAME="identifier"></SIGNATURE> This way doesn't depend on the part of the document being signed, as the signature can't be effectively tampered with undetected anyway. Same scheme could be used in <A HREF> tags, allowing automated checking of signatures or hashes of downloaded binary files.