[JDEV] Signed & encrypted messages

Mathew Johnston johnston at megaepic.com
Fri Jun 1 11:42:58 CDT 2001 

I think that I agree with you here; I'm not sure why people want to keep
the vcard as small as possible. Perhaps someone could explain? It certainly
does not have anything to do with crypto :)

Mat.


On Fri, Jun 01, 2001 at 10:14:33PM +1000, Michael Brown wrote:
> From: "Max Horn" <max at quendi.de>
> <snip>
> > >The fourth
> > >property would be up to clients. Since there may be more than
> > >one certificate (for each different algorithm) we can't really
> > >put them all into a user's vcard, since that would be too big.
> >
> > I agree. I'd prefer if vCards would stay small. But maybe vCards
> > should be signable? So we can verify they are real ;)
> 
>  Can someone explain this to me?  I'm no crypto expert, so maybe I'm missing
> something...
> 
> First of all, what is the obsession that everyone has with keeping vCards as
> small as possible?  I agree that I wouldn't want to see them bloat
> unnecessarily, but they are a container for keeping all the information
> about a person in one place.  Somones public key is information related
> directly to that person, so it *should* be stored in the vCard (even if it
> is also stored somewhere else - such as a trusted server run by a CA so we
> can check to see if the one in the vCard hasn't been altered).
> 
> After all, isn't there a "key" field or some such in the vCard spec exactly
> for this purpose?  Are we just going to ignore that and stick it somewhere
> else?  If that's the case, why use the vCard spec at all?  also The vCard
> has room for a BASE64 encoded photo and audio sample of your name (which is
> also a good thing IMO) - I think we can fit a few certificates.
> 
> Secondly, are these certificates that big?  Aren't we talking about the same
> things that many members of this list see fit to attach to the end of each
> email they send?  (Is a PGP Signature the same as what we are talking about
> here?) My Lotus Notes file is only 4.7K, and it has quite a few x.509
> certificates and god-knows-what else in it.
> 
> Thirdly, how often are vCards downloaded in a typical Jabber client?  Every
> so often when the user right clicks on a client and selects "View vCard" I
> suspect, or maybe they are parsed once when the contact list is drawn up to
> populate an "About This User" dialogue...either way...
> 
> 
> Michael.
> 
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev

More information about the JDev mailing list