Dappy's goal is to be a decentralized, public, ultra-trustworthy name system, to expand the security features of current browsers, and to drop some features that may exist only as monkey patches or for backward-compatibility purposes. With regard to web standards and recommendations, dappy is halfway between an upgrade and a shift.
Our belief is that the browser and protocol should make it easy and ultra-secure by default to distribute any kind of web application (banking, DeFi, fintech, blockchain, NFTs, DAOs, health, energy, blogging, etc.). Many developers, sysadmins, DevOps engineers and researchers would agree that this is not at all the case today. Achieving 100% security for authentication and cookies, and against XSS and DNS attacks, may be almost impossible. Still, a protocol and browser upgrade or shift can greatly reduce the attack surface.
We believe that by taking a disruptive, critical approach to this, we can make it simpler and more secure at the same time. The biggest improvement (or shift) is of course the no-DNS name system; one core technology at the backbone of this project is blockchain technology, together with decentralization principles.
This document reflects on the changes dappy brings and on web security standards. It is meant for hackers, bug hunters, researchers and developers who wish to get to grips with dappy.
This document includes two main sections:
Specs and web standards: discusses the improvements or differences in dappy relative to the web standards CORS, cookies, HTTPS and CSP, and mainly the name system.
Glossary: contains definitions of terms that are new and widely used across the various dappy-related documents.
Do you disagree with a specific point? Or just want to chat? Please come chat with us on Discord.