Link Search Menu Expand Document

Prior art

We need a mechanism to assign customisable, user-friendly, universally-unique, offline-compatible identifiers to Letro users to avoid phishing. We didn’t find any prior attempt to achieve this in a decentralised manner, so we decided to build our own solution based on DNS.

We did consider the following technologies, but we decided not to use them or build upon them:

Federated auth protocols

This includes protocols like OAuth2/OIDC and SAML.

Compliant servers (e.g., often return auth responses for other domains (e.g.,, which is fine and even desirable on the Web, but would be problematic in an offline context as we wouldn’t know if the auth server has the authority to authenticate users from other domains. A simple workaround could be to only trust email addresses whose domains match those of their respective auth servers.

More importantly, however: we wouldn’t have the auth servers’ public keys to verify their responses offline, and pre-sharing such keys for every possible server is simply unfeasible. Alternatively, we could not use such keys and rely on TLSNotary instead, but that’d make the solution hard to use and add significant data overhead (e.g., the server’s certificate chain).

W3C Decentralized Identifier (DID) methods

We did a cursory survey of the many DID methods available (127 as of this writing), and we couldn’t find a suitable one. Apart from blockchain-based methods, which we’re ruling out for the reasons explained below, we looked at the following methods:

  • DNS (did:dns) and Web (did:web). They both recommend the use of DNSSEC to resolve records, but neither offers a secure way to use the DID offline.
  • Peer (did:peer). This method is meant to be used privately between two parties, and therefore doesn’t provide ids that are customisable, user-friendly or universally-unique.

Tor’s Onion v3 vanity addresses

For example, bbcnewsv2vjtpsuy.onion is the Onion v3 vanity address for BBC News.

Even if we adapted the underlying algorithm to suppress the .onion suffix, addresses would still have a randomly-generated sequence after the customisable prefix, which wouldn’t be customisable or user-friendly enough for us.

Blockchain-based technologies

This includes alternative DNS roots (like ENS) and many W3C DIDs.

Any blockchain-based solution would require each app to store gigabytes of data (and keep it in sync) or blindly trust the information received from external sources (most likely a company like Infura).

Even if Zero-Knowledge Proofs could overcome these limitations, we’d rather not depend on a technology that’s more complicated, more centralised, more costly and less battle-tested than DNSSEC.

There are valid use cases for blockchain technology, but this isn’t one of them.

DNS-Based Authentication of Named Entities (DANE)

Intuitively, it may seem like a good foundation for Vera, but it really is geared towards securing the trust anchor in the Internet PKI (PKIX). That is, DANE’s sole purpose is to help TLS clients authenticate the certificates used by servers. However, we’re not trying to authenticate servers and our users may not even have access to the Internet.

Extensible Resource Identifier (XRI) i-names

Like =Alice.Smith, @ACME or @ACME*Alice.Smith. Were XRI not defunct, we might have used it instead of DNS.