[Standards-JIG] Re: UPDATED: JEP-0027 (Current Jabber OpenPGPUsa ge)

Ian Paterson ian.paterson at clientside.co.uk
Thu Mar 18 21:32:25 UTC 2004

> So, for example, storing your public key in vcard probably isn't good
> enough.  What if Mallory rooted your server, and had it respond with one
> public key when you asked for yours (to check it), and a different one to
> me?

Yes, vcard can only store a public key if it has been signed by an authority
(i.e. a certificate).

More information about the Standards mailing list