diff --git a/docs/source/interactive/notebook.rst b/docs/source/interactive/notebook.rst index 29eb711..c0a4880 100644 --- a/docs/source/interactive/notebook.rst +++ b/docs/source/interactive/notebook.rst @@ -462,6 +462,35 @@ on available options, use:: :ref:`notebook_public_server` +.. _signing_notebooks: + +Signing Notebooks +----------------- + +To prevent untrusted code from executing on users' behalf when notebooks open, +we have added a signature to the notebook, stored in metadata. +The notebook server verifies this signature when a notebook is opened. +If the signature stored in the notebook metadata does not match, +javascript and HTML output will not be displayed on load, +and must be regenerated by re-executing the cells. + +Any notebook that you have executed yourself *in its entirety* will be considered trusted, +and its HTML and javascript output will be displayed on load. + +If you need to see HTML or Javascript output without re-executing, +you can explicitly trust notebooks, such as those shared with you, +or those that you have written yourself prior to IPython 2.0, +at the command-line with:: + + $ ipython trust mynotebook.ipynb [other notebooks.ipynb] + +This just generates a new signature stored in each notebook. + +You can generate a new notebook signing key with:: + + $ ipython trust --reset + + Importing ``.py`` files ----------------------- diff --git a/docs/source/whatsnew/pr/signing.rst b/docs/source/whatsnew/pr/signing.rst new file mode 100644 index 0000000..566f64a --- /dev/null +++ b/docs/source/whatsnew/pr/signing.rst @@ -0,0 +1,7 @@ +Signing Notebooks +----------------- + +To prevent untrusted code from executing on users' behalf when notebooks open, +we have added a signature to the notebook, stored in metadata. + +For more information, see :ref:`signing_notebooks`.
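Review bot: In the notebook.rst hunk, the section ends at `ipython trust --reset` without saying what a new signing key does to notebooks that are already trusted, and it never says where the key comes from or what the stored signature is compared against ("does not match" has no object). Please add a sentence after the `--reset` example stating whether existing signatures stop verifying and whether notebooks then need to be re-executed or re-trusted. The line "This just generates a new signature stored in each notebook" also undersells the command: per the paragraphs above it, trusting a notebook means its stored HTML and javascript output is displayed on load, so the text should tell readers to run `ipython trust` only on notebooks whose output they have reviewed. The behaviour for a notebook that carries no signature at all is not described either. Minor: "javascript" and "Javascript" are both used; pick one spelling.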
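Review bot: In the new whatsnew/pr/signing.rst file, the entry states the goal but not the change a user will actually notice, which the notebook.rst text in this same patch spells out: HTML and javascript output is not displayed on load when the signature does not match. Since notebooks written prior to IPython 2.0 fall into that case, the release note should say so in one sentence and name `ipython trust` as the way to restore the output, rather than leaving that entirely behind the `:ref:` link. The phrase "untrusted code" would also be clearer if it said which code is meant, since the longer section only talks about javascript and HTML output.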