4.1 Security Considerations for Implementers

The vCard format can carry cryptographic keys or certificates, as specified in section 2.1.3.8.2.

Section 2.1.3.8.1 specifies a security classification policy for a vCard. Note that the security policy is not enforced in any way.

vCards have no inherent authentication or privacy features, but they can be sent by any security mechanism that transfers MIME objects with security or privacy. Where the threat exists of invalid vCard information, it is recommended that you send the vCard by such a mechanism.

The information contained in a vCard might become out of date. In cases where the data is important to the originator of the vCard, it is recommended that you specify the URL type specified in section 2.1.3.7.8. In addition, you can use the REV type specified in section 2.1.3.7.4 to indicate the last time that the vCard data was updated.