Hello. The draft states the following: "For initial stream headers in client-to-server communication, if the client knows the XMPP identity of the principal controlling the client (typically an account name of the form <n...@domain>), then it MUST include the 'from' attribute and MUST set its value to that identity."
However, the first initial stream is unencrypted. This would send the user's identity through an insecure connection. Perhaps it's not a big security issue (presuming the user is not absolutely paranoid), but since there is no benefit to this at all, I think it isn't such a good idea to send the identity with the header.
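The concern raised above can be checked mechanically. The following is an added example, not part of the original post or of any XMPP implementation: it audits the stream headers a client sent and reports any 'from' identity that went out before TLS was active. The function names, the `tls_active` flag and the sample headers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

STREAM_TAG = "{http://etherx.jabber.org/streams}stream"

def stream_header_from(raw: bytes):
    """Return the 'from' attribute of an XMPP stream header, or None.

    A stream header is an opening tag that stays unclosed for the life of
    the stream, so a pull parser is used instead of a whole-document parse.
    """
    parser = ET.XMLPullParser(events=("start",))
    try:
        parser.feed(raw)
        if hasattr(parser, "flush"):  # newer Python/Expat may defer events
            parser.flush()
        for _event, elem in parser.read_events():
            # Only the first start tag can be the stream header.
            return elem.get("from") if elem.tag == STREAM_TAG else None
    except ET.ParseError:
        pass  # not well-formed up to the header: nothing to report
    return None

def audit(headers):
    """headers: ordered (tls_active, raw_bytes) pairs as sent by the client.

    Returns (index, identity) for every header that carried 'from' while
    the connection was still unencrypted.
    """
    leaks = []
    for index, (tls_active, raw) in enumerate(headers):
        identity = stream_header_from(raw)
        if identity and not tls_active:
            leaks.append((index, identity))
    return leaks

# Constructed sample headers (example.com identity is a placeholder).
_NS = b"xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>"
WITH_FROM = (b"<?xml version='1.0'?><stream:stream from='juliet@example.com' "
             b"to='example.com' version='1.0' xml:lang='en' " + _NS)
NO_FROM = (b"<?xml version='1.0'?><stream:stream to='example.com' "
           b"version='1.0' xml:lang='en' " + _NS)

# First header before TLS with 'from', restart after TLS, and a cleartext
# header that omits 'from'.
SAMPLE = [(False, WITH_FROM), (True, WITH_FROM), (False, NO_FROM)]

if __name__ == "__main__":
    for index, identity in audit(SAMPLE):
        print(f"header {index}: identity {identity} sent before TLS")
```
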
