[amelius]

> privacy: the resolver doesn't get the requesting party's IP address

How does that work? Is it somewhat like Tor?

[mgliwka]

The resolver is a client of an XMPP server and might be on the same server or even a different server the requesting party is on.

[Requesting Party]<--->[XMPP server]<--->[XMPP Server]<--->[Resolver]

[amelius]

    [Requesting Party]<--->[XMPP server1]<--->[XMPP Server2]<--->[Resolver] 

But do I need to trust XMPP server 1 and 2?

And will XMPP server 2 have my IP address?

[SamWhited]

> But do I need to trust XMPP server 1 and 2?

You trust whatever server you query. That might be server one, or it might be server one and server two. It's a federated network, so you make requests through your own server.

> And will XMPP server 2 have my IP address?

No. It's a federated network, like email, so it just gets your XMPP address (historically referred to as a "Jabber ID" or "JID").

[tgragnato]

XMPP is not e2ee, the second server gets your JID (but not your IP, supposing your client doesn't leak it): you need to trust the servers (1, 2 and the resolver).

Also; you don't get virtual circuits, but the performance should be superior. Tor only supports A, AAAA and PTR; DoX supports every record type.

[moparisthebest]

You can connect to XMPP servers over tor, even host them on .onion addresses.

Also, XMPP has e2e extensions, at least one of which supports encrypting/verifying arbitrary XML[1], so if the resolver supported it, you could only trust the resolver. (also don't forget about DNSSEC which can be used to verify DNS responses too)

[1]: https://xmpp.org/extensions/xep-0373.html

[tgragnato]

Agreed, the best case is when you have e2ee (which unfortunately is not in core) and DNSSEC.

I must admit to being biased against using DNSSEC alone because a malicious XMPP server can still inspect and/or modify queries and responses. By self-hosting you mitigate, but without e2ee the server is still trusted (in the threat-model).