I thought that only protected against modification in transit though. Often, what you really want is to verify the content is what the original source intended it to be, rather than what the server sent. In that case, you want a mechanism for attaching a GPG-like signature to the content. It doesn't matter then if the content is delivered via mirrors, caches and HTTP. This would be especially useful for things like jQuery mirrors, where a compromise of the server would affect many sites at once.