Your web application is at risk !

March 11, 2022 2022-08-04 8:34

Why dappy ?

It is virtually impossible to distribute a truly confidential and secure web service on the standard Domain Name System + HTTPS system today.

HTTPS/TLS and

500 root certificates are installed on microsoft windows. Hundreds of companies, with malicious intent and a bit of ingenuity can transparently perform TLS interception (man in the middle attack) and spy on communications without the client or the server noticing it.

Domain Name System

On the DNS side, management, ownership and resolution of the domain names is also obscurly shared between various centralized services : DNS resolver, DNS registrar, DNS registries and ICANN.

As an example this financial web service was hacked simply because of mismanagement by the registrar. The only solution they had is to change registrar.

The amount of trusted intermediaries, the centralized structure of the DNS as well as the poor security that the DNS protocol uses by default (DNS can of course be secured with DoH for example) create massive attack vectors that cost hundreds of millions to many industries each year.

The centralized and delegated management principles behind the Domain Name and the TLS Certificate Authorities systems open many flaws and limit the security and confidentiality that can be achieved, thus hundreds of SaaS and online services cannot exist on the public web today. A typical critical service will impose VPN, DaaS (Desktop as a service) or VDI (Virtual Desktop Infrastructure) to its external partners or customers. This will cost money, add frictions and lower the “discoverability” of the web services.

Dappy is a name system and secure service discovery technology powered by blockchain and zero-trust resolutions.

Dappy’s technology is simple, as secure as the blockchain. It allows your clients, key partners, stakeholders and employees to connect to your internet facing web services through a unique address that only you are in control of. . Dappy is independent of the DNS and Certificate Authorities.

Companies and users of the dappy name system own their domains and root TLS certificate on the blockchain. Almost every middleman is removed, which means that :
TLS cannot be impersonated (Man-In-The-Middle / TLS interception attack)
Registrar / registries based attacks do not exist anymore
Domain names cannot be stolen, censored or taken down due to unilateral decisions.

How does dappy do it ?

Dappy horizontality and distributed trust model

Dappy replaces the traditional DNS layer with a name system that is executed on a blockchain platform, the lookups (when your client accesses the website) are resolved by a network of independent companies, they horizontally certify the domain names and encryption certificates Even is one company gets hacked, or acts maliciously, it is only 1 out of n, your service continue functionning thanks to co-resolution. You can find the companies of the dappy network on the homepage.

Co-resolution brings trust to the browser, and removes single points of failure that still exist in DNSSEC and DoH systems.

We would be glad to help you secure your endpoints and web applications, or just chat about the dappy project and web security. You can reach out to us anytime.