Vera: Domain names without the Internet

Vera will be a protocol to authenticate users and organisations, as well as any content they produce. It’ll leverage the existing DNS infrastructure without actually using the Internet.

Apps will use Vera to verify the authenticity and integrity of any type of data, and thus reliably attribute it to an organisation (like acme.com) or a member of an organisation (like alice.smith of acme.com).

Use cases

Vera can improve existing systems in many ways, such as:

  • Avoiding phishing in offline messaging apps (the raison d’être of this project).
  • Sharing Web content offline or via email – the actual content, not a URL.
  • Decentralised document-signing – without a gatekeeper like Adobe.
  • API authentication – without bearer tokens or pre-shared public keys.
  • User authentication – without auth servers.

But perhaps more interestingly, it could power a new generation of systems that wouldn’t be possible today. Like a new Web where static content is no longer hosted on servers, but is instead hosted on BitTorrent and authenticated with Vera – Web 4.0 if you like.

Technical overview

Vera combines DNSSEC with a new Public Key Infrastructure (PKI) to produce digital signatures whose provenance can be traced back to a domain name. Any DNSSEC-enabled domain can be a trust anchor in the PKI, but it’d only have control over itself (not other domains).

Consequently, every digital signature contains enough data to be independently verified. External queries, such as DNS lookups, are not needed.

Designing and implementing yet another auth protocol is not something we take lightly: we know such protocols are hard to get right and the consequences can be catastrophic. Unfortunately, no existing technology satisfied our needs.

Watch the video below for a walk-through of the protocol and a demo of the prototype.

About

This project is being incubated by Relaycorp for use in Letro, but Vera itself is completely agnostic of Letro and Relaycorp.

We could bundle it with Letro, but we think that the core functionality is generic enough and so widely applicable that it makes more sense to develop it independently. We also expect it to play a crucial role in Awala in the future, such as when we support message broadcasting.

The word vera is Ido for authentic, and it’s pronounced VEH-rah (with a trilled R).