Have you checked out the www-security archives?
To be frank, I doubt you will get much crypto support into HTML 2 or 3,
since the current focus is to finish 2.0 and start working on the big issues
in 3.0 , such as Maths and table support, not to mention character set
The security group is dealing with the issues you are discussing.
Ah - *idea* - you could store fragment signatures and other cryptographic
data external to the HTML document by using named ranges as proposed in
the HTML 3.0 - i.e. having a signature for a section named using the MARK
and RANGE tags. (I'm inventing the Signature HTTP header here).
Content-type: text/html; version=3.0
Signature: id0; dn="[log in to unmask]"; pgp="arfle-barfle-gloop"
Signature: id1, dn="my RSA sanctioned name"; pem="base64-encoded-signature"
<MARK RANGE=id0 START=id_a END=id_b>
The user agent computes the signature using its own keyring (or fetches the
appropriate key using some defined mechanism (did you see a handwave? I saw
no handwave!) ) and checks it against the s-http encapsulated header.