That's correct. Cryptographic identities are permissionless identities because they do not require the permission of a central authority to be created or used. This means that anyone can create a cryptographic identity, and anyone can verify the authenticity of a cryptographic identity.

Cryptographic identities are created using a public-key cryptography system. In a public-key cryptography system, each user has two keys: a public key and a private key. The public key is used to encrypt data, and the private key is used to decrypt data.

When a user creates a cryptographic identity, they generate a public key and a private key. The public key is then published on a public ledger, such as a blockchain. The private key is kept secret by the user.

To verify the authenticity of a cryptographic identity, the public key is used to encrypt a message. The encrypted message is then sent to the user. The user then uses their private key to decrypt the message. If the message can be decrypted, then the user's identity has been verified.

The permissionless nature of cryptographic identities makes them ideal for a variety of applications, such as online voting, digital contracts, and secure communication.

Here are some of the benefits of using cryptographic identities:

Privacy: Cryptographic identities allow users to maintain their privacy. The public key can be used to verify the authenticity of a user's identity without revealing any personal information about the user.

Security: Cryptographic identities are very secure. The private key is kept secret by the user, so only the user can decrypt messages that are encrypted with their public key.

Scalability: Cryptographic identities can be scaled to a large number of users. The public ledger can be distributed across a network of nodes, so there is no single point of failure.