diff --git a/boards/models/post/sync.py b/boards/models/post/sync.py
--- a/boards/models/post/sync.py
+++ b/boards/models/post/sync.py
@@ -27,6 +27,7 @@ ATTR_TYPE = 'type'
 ATTR_NAME = 'name'
 ATTR_VALUE = 'value'
 ATTR_MIMETYPE = 'mimetype'
+ATTR_KEY = 'key'
 STATUS_SUCCESS = 'success'
@@ -79,12 +80,13 @@ class SyncManager:
 signatures = [Signature(
 key_type=key.key_type,
 key=key.public_key,
- signature=key.sign(et.tostring(model, ENCODING_UNICODE)),
+ signature=key.sign(et.tostring(content_tag, ENCODING_UNICODE)),
 )]
 for signature in signatures:
 signature_tag = et.SubElement(signatures_tag, TAG_SIGNATURE)
 signature_tag.set(ATTR_TYPE, signature.key_type)
 signature_tag.set(ATTR_VALUE, signature.signature)
+ signature_tag.set(ATTR_KEY, signature.key)
 return et.tostring(response, ENCODING_UNICODE)
@@ -97,6 +99,12 @@ class SyncManager:
 tag_models = tag_root.find(TAG_MODELS)
 for tag_model in tag_models:
 tag_content = tag_model.find(TAG_CONTENT)
+
+ valid = SyncManager.verify_model(tag_content, tag_model)
+
+ if not valid:
+ raise Exception('Invalid model signature')
+
 tag_id = tag_content.find(TAG_ID)
 global_id, exists = GlobalId.from_xml_element(tag_id)
@@ -127,3 +135,26 @@ class SyncManager:
 else:
 # TODO Throw an exception?
 pass
+
+ @staticmethod
+ def verify_model(tag_content, tag_model):
+ """
+ Verifies all signatures for a single model.
+ """
+
+ valid = True
+
+ tag_signatures = tag_model.find(TAG_SIGNATURES)
+ for tag_signature in tag_signatures:
+ signature_type = tag_signature.get(ATTR_TYPE)
+ signature_value = tag_signature.get(ATTR_VALUE)
+ signature_key = tag_signature.get(ATTR_KEY)
+
+ if not KeyPair.objects.verify(
+ signature_key,
+ et.tostring(tag_content, ENCODING_UNICODE),
+ signature_value, signature_type):
+ valid = False
+ break
+
+ return valid
diff --git a/docs/dip-1.markdown b/docs/dip-1.markdown
--- a/docs/dip-1.markdown
+++ b/docs/dip-1.markdown
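Review bot: In the `@@ -79,12 +80,13 @@` hunk of sync.py the signature now covers `et.tostring(content_tag, ENCODING_UNICODE)`, and verify_model checks it against a fresh `et.tostring` of the parsed element, so verification only succeeds if both peers serialise the tree to identical text. Assuming `et` is xml.etree.ElementTree, `tostring` also emits the element's tail text, and attribute order can differ between Python versions, so a correctly signed model can be rejected after a harmless round trip. Sign and verify a canonical form on both sides, for example `et.canonicalize(et.tostring(content_tag, ENCODING_UNICODE))` on Python 3.8+, or add a comment stating that the content element must be transmitted byte for byte. The enclosing method starts and ends outside the hunk.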
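Review bot: In the `@@ -97,6 +99,12 @@` hunk of sync.py a failed check raises a bare `Exception`, which callers cannot tell apart from any other failure, and it aborts the loop at the first bad model; models handled on earlier iterations stay imported unless the enclosing method runs inside a transaction, which the hunk does not show. `tag_model.find(TAG_CONTENT)` can also return None for a model with no content element, and that None is handed to verify_model unchecked. Consider `if tag_content is None or not SyncManager.verify_model(tag_content, tag_model):` followed by a narrower `raise ValueError('Invalid model signature')`, and verifying every model in the response before importing any of them. The loop body continues outside the hunk.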
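Review bot: verify_model in the `@@ -127,3 +135,26 @@` hunk of sync.py starts from `valid = True` and only clears it inside the loop, so a model whose signatures element is empty is accepted without any signature having been checked; if the element is missing, `find` returns None and the `for` raises TypeError instead of rejecting cleanly. The version below fails closed by returning False when there is nothing to verify, and it serialises the content once instead of once per signature. Separately, the verifying key is read from the same message via `ATTR_KEY`, so a passing check only shows that the content matches whatever key the sender supplied. `KeyPair.objects.verify` is not shown, so confirm that it, or the caller, ties that key to the model's global id or to a list of trusted keys.

```python
    @staticmethod
    def verify_model(tag_content, tag_model):
        """
        Verifies all signatures for a single model. A model with no content,
        no signatures element or no signatures in it is not valid.
        """

        tag_signatures = tag_model.find(TAG_SIGNATURES)
        if tag_content is None or tag_signatures is None:
            return False

        content = et.tostring(tag_content, ENCODING_UNICODE)
        checked = 0
        for tag_signature in tag_signatures:
            if not KeyPair.objects.verify(
                    tag_signature.get(ATTR_KEY),
                    content,
                    tag_signature.get(ATTR_VALUE),
                    tag_signature.get(ATTR_TYPE)):
                return False
            checked += 1

        # At least one signature must have been verified.
        return checked > 0
```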
@@ -68,23 +68,23 @@ author) Sample request is as follows: - - - - 0 - 0 - - tag1 - - - - abcehy3h9t - ehoehyoe - - - - - + + + + 0 + 0 + + tag1 + + + + abcehy3h9t + ehoehyoe + + + + + Under the tag there are filters. Filters for the "post" model can be found in DIP-2.