Hi everyone,
I’m looking for feedback on ways to minimize trust assumptions in decentralized application (dApp) distribution, especially for web apps accessed via browsers.
Current Issues
Web Hosting Trust: Even if an app’s source code is open, users typically don’t audit or self-host it (plus standalone apps will be better for such security-aware scenarios). Instead, they trust the publisher’s server, which relies on the security of HTTPS (CAs, DNS, ISPs).
Decentralized Hosting: Hosting on IPFS is an improvement, but when using HTTP gateways (the prevalent case), the same trust issues arise with additional ones. Users must trust the gateway, the pinning service, and importantly the content integrity cannot be verified, defeating the purpose of minimizing trust.
Goal
We’re exploring ways to reduce these trust dependencies and create a more trustless distribution model.
Questions for the Community
Is this an important issue for you? Should we focus on minimizing trust in dApp distribution?
What solutions have you seen or thought about that could help?
What challenges do you see with existing or new approaches?
Looking forward to your thoughts and suggestions!
Thanks,
SO/DA