4.1 Security Considerations for Implementers
The vCard format can carry cryptographic keys or certificates, as specified in section 184.108.40.206.2.
Section 220.127.116.11.1 specifies a security classification policy for a vCard. Note that the security policy is not enforced in any way.
vCards have no inherent authentication or privacy features, but they can be sent by any security mechanism that transfers MIME objects with security or privacy. Where the threat exists of invalid vCard information, it is recommended that you send the vCard by such a mechanism.
The information contained in a vCard may become out of date. In cases where the data is important to the originator of the vCard, it is recommended that you specify the URL type specified in section 18.104.22.168.8. In addition, you can use the REV type specified in section 22.214.171.124.4 to indicate the last time that the vCard data was updated.