diff --git a/README.md b/README.md index 8b6cfdc..af3c23f 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,21 @@ Best used within a script that synchronizes local files with the server. This i ### Verifying -Verification is not yet implemented, but can be done manually. Here is an example for the Gemini protocol (using [agunua](https://framagit.org/bortzmeyer/agunua) to download files): +Verification is not yet implemented, but here is an approximation of how it will work: + +0. User runs `netsigil --verify scheme://example.org:port/~user/file`. +1. Download `scheme://example.org:port/~user/file`. +2. If we already have a `SHA256SUMS` file for `scheme://example.org:port/~user`, then go to 7. +3. Download `scheme://example.org:port/~user/.well-known/signature-bundle`. +4. If not already present, extract `key.pub` from `signature-bundle` and store it locally (Trust on first use). +5. Use `key.pub` to verify `signature-bundle`. +6. Extract `SHA256SUMS` from `signature-bundle` and store it locally. +7. Check if the hash of `file` matches the one in `SHA256SUMS`. If it does, stop here. Perhaps output the requested file to stdout. +8. On hash mismatch: if step 2 was true, then go to step 3; else, stop. + +Note that in this example, `.well-known` is under `~user`, not directly under `example.org`. This is to account for multi-user systems (pubnixes/tilde communities). + +Verification can also be done manually. Here is an example for the Gemini protocol (using [agunua](https://framagit.org/bortzmeyer/agunua) to download files): ``` # Download `signature-bundle`
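Review bot: Steps 4 and 5 of the new verification list do not say which `key.pub` verifies `signature-bundle`; step 5 can be read as using the key from the bundle that was just downloaded, in which case a replaced bundle carrying its own key would verify against itself. Suggest wording step 5 so that the locally stored key is the one used, and adding what happens when the `key.pub` inside a downloaded bundle differs from the stored one (fail and report rather than overwrite) and when verification in step 5 fails (stop without storing `SHA256SUMS` or outputting the file). Step 8 can also loop: after "go to step 3" refreshes the sums and step 7 mismatches again, "step 2 was true" still holds, so the text should limit the refresh to a single retry. Step 7's "Perhaps output the requested file to stdout" should say that output happens only after the hash matches.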