Why We Like KERI
Hello, my name is Charles Lanahan and I get excited about digital identity. I’ve started a company, https://vleida.net, with some partners and we wanted to start a blog for the purpose of communicating a fundamental stance that we hold:
We like KERI and think you should too.
This post hopes to be the first in a series that will describe what KERI is and its constituent parts and protocols, explain why only KERI will meet the fundamental challenges of the coming explosion in digital identity services and needs, and give updates or answers to commonly asked questions from the community as they come in.
We’ll sometimes get technical and may lose ourselves in the conversation (many of us are engineers after all) but will try to keep most of the posts in this series at a level that will be comfortable for those who are familiar with the basics of public key cryptography and modern day cryptographic Public Key Infrastructure (PKI) on the Internet. Many of our blog posts should be approachable by a general audience.
When we do get technical in order to make specific points, we’ll try and let you know beforehand. If you’re not interested in the technical specifics, you can skip these sections to save time. If you ever have questions about things mentioned in these posts feel free to contact us directly. We are glad to help.
We’ve written a bit though and we haven’t yet answered the most important question:
What is KERI?
KERI stands for Key Event Receipt Infrastructure (pronounced like the name “Carrie” in English). It was first described by Dr. Samuel Smith in a whitepaper in 2019, later updated and revised in 2021, as a novel Distributed Public Key Infrastructure (DPKI) scheme with the intended purpose of providing a platform for establishing long-lived digital identity on the Internet. Originally this scheme dealt only with the logistics and management of cryptographic keys (the DPKI part) and with the creation of long-lived identifiers (AIDs, SCIDs) for people and data. Over time, protocols, specifications, and implementations of KERI and the related protocols that use it grew up around this scheme. Today, this group of protocols, standards, and tools is often referred to as the “KERI suite” or just “KERI” as shorthand. So KERI can mean either the DPKI scheme specified in the original paper or, as shorthand, the suite of tools and protocols that use it. We hope to describe these pieces and how they relate to the whole of the KERI ecosystem in future blog posts.
Why do we need KERI?
KERI is a direct reaction to many of the partially secure and inherently centralized digital identity schemes that exist today. Much of the Public Key Infrastructure (PKI) on the Internet today is quite old. Examples such as the TLS/SSL Certificate Authorities (CAs) that protect Internet sessions in web browsers (the lock icon in the browser window where you’re probably reading this) or fully federated authentication systems (like OAuth) that power the “Log in with Google/Facebook/LinkedIn” buttons on many websites (among other things) have been around for a while. There are other, newer cryptographic infrastructure schemes using blockchains (distributed ledgers) or other methods, but they come with their own drawbacks.
KERI, on the other hand, is almost totally decentralized and was designed with the intent of doing away with most of the historical security flaws that have plagued these centralized systems (and will continue to do so, in our opinion). A fundamental concept in KERI that exists in very few other systems we’ve studied is this: the user, and the user alone, always controls all of their own keys and all of their own identifiers, and has tools that will allow them to recover their identifiers and keys when those things are inevitably attacked/lost/hacked/stolen, without any other person involved. Other systems handwave these real occurrences away or delegate to central authorities the responsibility and tools to help users manage these troublesome incidents, but in KERI these capabilities are built right into the protocols at the ground level! The choice to do this comes with trade-offs (as always in engineering), but we believe this choice is worth the effort because of its ability to give the user complete control of their own digital identities.
There is a narrative these days that users don’t care about privacy or control. At vLEIDA we still find it a highly motivating principle, and we think that only KERI provides the tools necessary to make this possible. At the same time, we think that the widespread adoption of KERI will make many real-world security postures cheaper and more secure, and will allow for a much more “human” relationship between users and their digital identities. For the enterprise, these benefits will be even more apparent, as only KERI is flexible enough to accommodate the business use cases of the future and allow for systems and business operations that literally can’t exist in the security systems of today. This is a bold claim, so we don’t expect you to take it at face value, but expect us to elaborate on this point much more in upcoming posts.
What we’re trying to do with KERI.
Dr. Smith’s stated eventual goal for KERI is to produce a foundation for a distributed computational reputation system that will, to quote him, “qualify both the content and the creator on the Internet”. A lofty goal. Three of the principals here at vLEIDA have worked their whole careers in problem spaces that intersect with aspects of “digital reputation”, so we understand how difficult and far-reaching this goal is at the current moment.
Our ambitions at vLEIDA are much more modest. We want to build cool stuff with KERI. This “stuff” encompasses futuristic security devices, authentication schemes, cryptographic services, public sector services and systems, logistical supply chain management chains, decentralized security models for things like cars, and a whole lot more. Less ambitious, but still far reaching. ;-)
We have three motivating theses:
KERI allows cryptographic systems to be built much more efficiently and with greater control, security, and agility than PKI systems or security infrastructure that were designed in the past or carry historical baggage. The movement away from computer-centric security toward user-centric security is the wave of the future. We think KERI will be a large part of that movement.
Current cryptographic systems are either inherently supported in the KERI design, can be easily adapted to an underlying KERI infrastructure with operational and security benefits, and/or can utilize KERI protocols and tools to gain advantages (technical, operational, financial) in the marketplace. That is, with KERI we can do a lot of things people are already doing, but better.
Future cryptographic systems will need many of the properties of KERI, especially long-lived decentralized systems utilizing verifiable digital credentials that may be “in flight” for significant lengths of time. Things that aren’t currently possible in today’s systems, or are only possible with extreme efforts in time and development resources, are quite easy in KERI. The digital identity of the future will be a game of logistics for service providers and protocol authors. We believe KERI stands best poised to deal with the realities of these future logistics in digital identity at scale.
Expect us to write much, much, more on these three theses in future posts.
Reach Out to Us to Learn More
Hopefully, we’ve piqued your interest. We’ve described our motivation for this newsletter, our appreciation of KERI, what KERI is, and our main rationale for that appreciation.
If you’d like to get involved in the community, KERI is developed in two places: the technical standards of the KERI protocols are being developed at the Trust Over IP Foundation in the Technology Stack Working Group (TSWG), and super specifically in the Authentic Chained Data Containers Task Force. The software and tools are being developed in the online WebOfTrust community on GitHub (with the associated Discord channel). If you’re interested in joining either or both of these communities, hop right in, or feel free to contact us and we can help you find the best method of moving forward with KERI.
For business inquiries, or to discuss the cool things we’re building with KERI, please feel free to reach out to us at this Substack or by email at info@vleida.net. Please subscribe, tell your friends or others who might be interested, link to any posts you find particularly insightful or interesting, and help us get the word out! We hope you’ll look forward to the upcoming posts!