by moparisthebest 2640 days ago
You can connect to XMPP servers over Tor, even host them on .onion addresses.

Also, XMPP has e2e extensions, at least one of which supports encrypting/verifying arbitrary XML[1], so if the resolver supported it, you could only trust the resolver. (Also, don't forget about DNSSEC, which can be used to verify DNS responses too.)

[1]: https://xmpp.org/extensions/xep-0373.html

1 comments

Agreed, the best case is when you have e2ee (which unfortunately is not in core) and DNSSEC.

I must admit to being biased against using DNSSEC alone because a malicious XMPP server can still inspect and/or modify queries and responses. By self-hosting you mitigate, but without e2ee the server is still trusted (in the threat model).