While we need those for see-other-host support, in theory the client may send them after establishing TLS (either over an XMPPS connection (DirectTLS) or after StartTLS). Although sending see-other-host after StartTLS carries a slight penalty (related to starting TLS, a few round trips), I think we should change our code to send 'from' only after TLS is established, as that will provide some more privacy from TCP sniffers while it should not impact performance of the app or our see-other-host implementation. Moreover, it is now more frequent (and even with our library it is preferred) to use DirectTLS, which means that TLS is already established, so the penalty should be minimal.
Reported for SiskinIM at https://github.com/tigase/siskin-im/issues/217 and Martin at https://github.com/tigase/Martin/issues/22.
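The rule proposed above, modelled as an added example (not SiskinIM or Martin code): the client's stream header carries the 'from' attribute only once TLS is established, on both the DirectTLS and the StartTLS path, with a check that no cleartext header leaked it. That 'from' here means the stream-header attribute, and the header layout, are assumptions.

```python
# Added illustration, not Tigase/Martin code: model "send `from` only after TLS"
# for both connection paths and check nothing sent in cleartext carries it.
from dataclasses import dataclass, field
from xml.sax.saxutils import quoteattr

STREAM_NS = "http://etherx.jabber.org/streams"


def stream_header(to_domain, sender_jid=None):
    """Build an XMPP stream open tag; `from` is included only when given."""
    attrs = [f"to={quoteattr(to_domain)}"]
    if sender_jid is not None:
        attrs.append(f"from={quoteattr(sender_jid)}")
    attrs.append("version='1.0'")
    return (f"<stream:stream xmlns:stream={quoteattr(STREAM_NS)} "
            f"xmlns='jabber:client' " + " ".join(attrs) + ">")


@dataclass
class Connection:
    to_domain: str
    jid: str
    tls: bool = False                            # True once TLS is established
    sent: list = field(default_factory=list)     # (encrypted?, header) pairs

    def open_stream(self):
        # Assumed rule: the JID is disclosed only on an encrypted channel.
        hdr = stream_header(self.to_domain, self.jid if self.tls else None)
        self.sent.append((self.tls, hdr))
        return hdr


def connect_direct_tls(jid, domain):
    """XMPPS: TLS is up before the first XMPP byte, so `from` goes out at once."""
    c = Connection(domain, jid, tls=True)
    c.open_stream()
    return c


def connect_starttls(jid, domain):
    """StartTLS: cleartext header without `from`, then restart over TLS with it."""
    c = Connection(domain, jid, tls=False)
    c.open_stream()        # cleartext header: no `from`
    c.tls = True           # <starttls/> ... <proceed/> ... handshake (simulated)
    c.open_stream()        # stream restart over TLS: `from` now present
    return c


def cleartext_leaks_from(conn):
    """True if any header sent before TLS carried a `from` attribute."""
    return any((not enc) and " from=" in hdr for enc, hdr in conn.sent)
```

The StartTLS path shows where the extra round trips come from: the server only sees the JID, and can only answer see-other-host, on the second header.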