VeraId is a decentralised, user-friendly, offline-first authentication protocol.
Ditch API keys! Clients authenticate by proving their identity (e.g. [email protected]). Think AWS roles or Azure managed identities, but for the entire Internet!
Sign documents, apps, libraries, and other files on behalf of a domain name, without gatekeepers like Adobe or Microsoft.
Enable users of offline systems to authenticate with user-friendly, customisable identifiers. That's how Letro uses VeraId!
VeraId enables systems that are hard to imagine today, like peer-to-peer web hosting with contents reliably attributed to their respective domain names.
VeraId combines DNSSEC with a new Public Key Infrastructure (PKI) to produce digital signatures that can be linked to a domain name. Consequently, every signature contains enough data to be independently verified without external queries, such as DNS lookups.
For example, this is how we'd verify a VeraId Signature Bundle attributing "Bazinga!" to [email protected]:
Any DNSSEC-enabled domain can be a trust anchor in the PKI, but it only has control over itself. This offers far better security than PKIs such as the one used by Transport Layer Security (TLS), where many trust anchors (Certificate Authorities) can issue certificates for any domain.
I designed VeraId to provide Letro users with offline-compatible identifiers that are robust enough to withstand attacks by the nation-state actors that would target some of them.
Designing and implementing another auth protocol is not something I took lightly: I know it's hard to get them right and the consequences can be catastrophic. Unfortunately, no existing technology satisfied our needs.
Creator of VeraId, and former member of Auth0's core engineering team.