A quick comment: Security Considerations say "Because decloaking is a presence leak (albeit intentional), an XMPP client that implements the receiving side of this specification MUST disable sharing of session presence by default and MUST enable the feature only as a result of explicit user configuration."
I suggest changing "explicit user configuration" with "explicit user confirmation" and then adding another sentence that the user confirmation can be per request, per first request per requestor, or by setting some "always decloak" configuration option, or other suitable means so long as decloaking doesn't occur by default. That is, the first MUST is the key security requirement, how to override the default is necessary detail for implementors to address how they see fit. -- Kurt
