Introduction

Dappy is an ecosystem and public network for securing web applications and data exchange on the public internet (SaaS, web applications, XHR calls, API calls, service discovery). It provides an all-in-one solution that replaces DNS and Certificate Authorities.

This document reflects on the changes dappy brings and on how it relates to current web and DNS security standards. It is meant for hackers, bug hunters, researchers and developers who wish to get to grips with dappy.

What is dappy for?

Dappy can be used for simple server-to-server communications. For example, an aircraft manufacturing company needs to exchange critical information with a transporter, or a SaaS or B2B financial service needs to communicate with a client company. In this case you will probably use dappy-lookup or similar libraries.

The dappy name system can also be used for web applications in a browser that is compatible with dappy, just as today's browsers connect to the DNS to learn the IP address of a server, and connect to the TLS certificate authorities that are authoritative for the connection.

Context and vision

Dappy's goal is to be a decentralized, public, ultra-trustworthy name system that expands the security features of current browsers and/or DNS-based systems, while dropping some features that may exist only as monkey patches or for backward compatibility. With regard to web standards and recommendations, dappy is halfway between an upgrade and a shift.

Our belief, and the belief of the community members and companies that strengthen the dappy network, is that more than 30 years after the DNS was born, there is a strong need for a new or improved protocol. It should be easy and very secure by default to discover a new service and to recover its TLS certificate and IP addresses. On the distribution side, it should be just as easy to expose a web application, an API or any program through the name system.

Many cybersecurity researchers and analysts would agree that DNS and the Certificate Authorities system do not provide a secure and easy solution out of the box. Many attack vectors exist at almost every layer. For many online B2B web applications (banking, DeFi, fintech, blockchain, NFTs, DAO, health, transport, energy, blogging etc.), securing data exchange requires a lot of knowledge and often additional tooling or engineers.

The documentation has three main sections:

  • Specs and web standards: discusses the improvements or differences in dappy relative to the web standards CORS, cookies, HTTPS, CSP and, mainly, the name system.

  • Sections specific to browsers and web applications: the improvements or changes that exclusively concern a web browser context, not SDKs or server-to-server communications.

  • Glossary: contains definitions of terms that are new and widely used across the various dappy-related documents.

Do you disagree with a specific point? Or just want to chat? Please come chat with us on Discord.

https://dappy.tech
