The DNS (name system) and CA (TLS/SSL certificates) system is built on the idea of a chain of corporations, each doing a specific job. A hack or malicious behavior of any of those corporations may put your application at risk. Hacks, censorships, inconsistencies in the DNS world happen almost everyday.
The name system is the core of the dappy project. It is a no-DNS name system and relies on the blockchain as a unique source of truth and public ledger. The point of using blockchain is to make management and distribution of web applications more secure simple, and to rely less on centralized untrustworthy or fragile DNS services and registrars.
A name is just a JSON object stored on the blockchain, and linked to a unique set of characters that were available at the time it was purchased, like "mysite" or "soccergames". The property attached to a name may be the following:
name and others that are not of our interest for this document's purpose.
The improvement dappy brings over DNS and other name systems is the trustless lookup mechanism, when the user inputs "soccergames" and hits "enter", many requests are sent to a network of independant agents (the dappy network), each agent is part of the same blockchain platform/shard and has the same data.
The responses are then reconciled. Depending on the distribution (aaaaaa, aaabbb or aaaaab), the multi-request may fail or succeed.
There is no certificate authorities for SSL/TLS certificates. They are simply attached to the name.
Every browser-to-node communication is done over HTTPS, the certificate being hardcoded in the browser, or updated through a multi-request addressed to the dappy network, the very same multi-request mechanism the name system relies on.
This file that is not used yet may help you understand as well.
The only single point of failures remaining may be the operating system of the user and/or the server distributing the browser in the first place. All the unique DNS services are gone (registrars, DNS resolvers like 18.104.22.168 or 22.214.171.124, DNS providers like Verisign etc.) and are replaced by a network in which there is no leader / unique endpoint.
The name system is managed by a NFT contract deployed on the RChain blockchain.
Check rchain-token repository