VeraId will be a protocol to authenticate users and organisations, as well as any content they produce. It’ll leverage the existing DNS infrastructure without actually using the Internet.
Apps will use VeraId to verify the authenticity and integrity of any type of data, and thus reliably attribute it to an organisation (like acme.com) or a member of an organisation (like alice.smith of acme.com).
But perhaps more interestingly, it could power a new generation of decentralised systems that wouldn’t be possible today – like peer-to-peer web hosting with contents reliably attributed to their respective domain names.
VeraId combines DNSSEC with a new Public Key Infrastructure (PKI) to produce digital signatures whose provenance can be traced back to a domain name. Any DNSSEC-enabled domain can be a trust anchor in the PKI, but it’d only have control over itself (not other domains).
Consequently, every digital signature contains enough data to be independently verified. External queries, such as DNS lookups, are not needed.