diff doc/encryption.rst @ 3966:9f85369294f3

doc (encryption, cli): pubsub signing documentation:

- add a `Pubsub Signature` section to `encryption` documentation
- document `-X, --sign` flag where it's used
- document `pubsub/signature` subcommands

fix 381
author Goffi <goffi@goffi.org>
date Sun, 30 Oct 2022 01:06:58 +0200
parents 8f87ff449a34
children c4418949aa37
--- a/doc/encryption.rst	Sun Oct 30 01:06:58 2022 +0200
+++ b/doc/encryption.rst	Sun Oct 30 01:06:58 2022 +0200
@@ -92,3 +92,36 @@
 
 .. _OpenPGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy#OpenPGP
 
+Pubsub Signature
+================
+
+By default, identity of the publisher of a pubsub item is difficult to authenticate: it
+may be specified by the pubsub service (using the `"publisher" attribute`_), but this
+attribute is not set by all pubsub services, and it can be spoofed by the service or the
+XMPP server.
+
+To strongly authenticate the publisher of a pubsub item, it is possible to cryptographically sign an item. This can work with any pubsub item, encrypted or not, and it can be done after the item has been published. The process use `Pubsub Signing protoXEP`_
+
+.. note::
+
+   Pubsub Signing specification is not currently an official XEP (XMPP Extension
+   Protocol), it is about to be examinated by "XMPP council". This documentation will be
+   updated with the evolution of the situation.
+
+.. attention::
+
+   Signature only certifies that the signers strongly link themselves with this version of
+   the item, not that the signers are the original authors of the item. In other words, it
+   prevents somebody to say that somebody else has published something (the signature
+   would be missing or invalid), but the published data may come from anywhere. Also keep
+   in mind that a security breach (stolen encryption keys, major bug somewhere) is always
+   possible.
+
+
+To handle pubsub signatures from command line, you may use
+:ref:`libervia-cli_pubsub_signature`.
+
+.. _"publisher" attribute: https://xmpp.org/extensions/xep-0060.html#publisher-publish-success-publisher
+
+.. _Pubsub Signing protoXEP: https://github.com/xsf/xeps/pull/1228
+
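Review bot: The attention block warns about "stolen encryption keys", but this section is about signatures, so it should name the keys used for signing. The section also never says what kind of key produces the signature or how a reader checks one, beyond the pointer to :ref:`libervia-cli_pubsub_signature`. One sentence on each would make the trust claim concrete. Wording fixes in the same hunk: "The process use `Pubsub Signing protoXEP`_" should be "The process uses" and end with a period, "examinated" should be "examined", and "prevents somebody to say" should be "prevents somebody from saying". The paragraph starting "To strongly authenticate the publisher" is a single unwrapped line, while the rest of the added text wraps at about 90 columns.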