[dmarc-ietf] The "policy" value and replay attacks

Alessandro Vesely <vesely@tana.it> Fri, 10 May 2013 13:44 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86C6A21F9003 for <dmarc@ietfa.amsl.com>; Fri, 10 May 2013 06:44:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.219
X-Spam-Level:
X-Spam-Status: No, score=-5.219 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LPNfvTOwmAxb for <dmarc@ietfa.amsl.com>; Fri, 10 May 2013 06:44:00 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) by ietfa.amsl.com (Postfix) with ESMTP id 308FD21F9019 for <dmarc@ietf.org>; Fri, 10 May 2013 06:43:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1368193427; bh=tOE142r/TEsledUk6lnUMPxbxCE7xSdHIX5fwm1pRJM=; l=912; h=Date:From:To; b=J7ErpQPufLCJQmaI5DJTCOEjzY93f43Tdf+VIARy1Ns5f9SuioJ+8ZagdoX8dfzhl asZGXsksDOqso6oSdP+rHhfI7VFLTcNkN1LuPSfj1cwedyV4cbvuWFPp2jvIpNVg6m ysF47oWuzCMlRDCXJ7m7AWPeWtptmrRXKg4amLDc=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.101] (pcale.tana [172.25.197.101]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLSv1/SSLv3,256bits,AES256-SHA) by wmail.tana.it with ESMTPSA; Fri, 10 May 2013 15:43:47 +0200 id 00000000005DC039.00000000518CF993.000021FA
Message-ID: <518CF993.2060900@tana.it>
Date: Fri, 10 May 2013 15:43:47 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: dmarc@ietf.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: [dmarc-ietf] The "policy" value and replay attacks
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 May 2013 13:44:04 -0000

I consistently get this from a couple of dmarc generators (126 in this
case):

      <dkim>
        <domain>tana.it</domain>
        <result>neutral</result>
        <human_result>
          signature error:
          DKIM-Signature could not parse or has bad tags/values
        </human_result>
      </dkim>

That may refer to the fact that I don't sign some critical fields,
such as the subject and content-type, or to the fact that I use l= to
allow footers.  Shouldn't that get a "policy" result, rather than
"neutral"?

I produce such fettered signing as I found DKIM-Signatures survive
better through mailing lists that way.  I'll have to strengthen my DKIM
options in case of abuse, and I suppose DMARC reports will make me
notice if someone manages to add a payload without breaking the sig
and then replays the message massively.  However, I'm not clear on how
exactly replay attacks would be detected.  Was that part of DMARC
requirements?
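An added example, not part of the message above and not taken from any DKIM implementation, that shows concretely what the signing profile the poster describes (h=Date:From:To with an l= body length, c=relaxed/relaxed) leaves outside the signature. It implements the relaxed canonicalizations of RFC 6376 and the verifier's two checks (recomputed bh= against the signed bh=, then the hash over the h= fields and the DKIM-Signature field itself), and runs them over a constructed message. The headers, body, appended footer, d=example.org and s=sel are assumptions; the RSA step is omitted because it would only sign the digest computed here, so an equal digest means an unchanged signature.

```python
import base64
import hashlib
import re

# Constructed sample message (assumption; not the raw bytes of the list post).
HEADERS = [
    (b"Date", b"Fri, 10 May 2013 15:43:47 +0200"),
    (b"From", b"Alessandro Vesely <vesely@tana.it>"),
    (b"To", b"dmarc@ietf.org"),
    (b"Subject", b"The \"policy\" value and replay attacks"),
    (b"Content-Type", b"text/plain; charset=\"us-ascii\""),
]
BODY = b"I consistently get this from a couple of dmarc generators.\r\n\r\n"
FOOTER = b"--\r\nAppended content that an l= signature does not cover.\r\n"


def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 3.4.4 'relaxed' body canonicalization: collapse WSP runs,
    drop trailing WSP on each line, drop trailing empty lines, end with CRLF."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n" if lines else b""


def body_hash(body: bytes, l=None) -> str:
    """bh= value: SHA-256 over the canonical body, cut to l= octets when l is set."""
    canon = relaxed_body(body)
    data = canon if l is None else canon[:l]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def relaxed_header(name: bytes, value: bytes) -> bytes:
    """RFC 6376 3.4.2 'relaxed' header canonicalization."""
    value = re.sub(rb"\r\n[ \t]+", b" ", value)            # unfold
    value = re.sub(rb"[ \t]+", b" ", value).strip(b" ")    # collapse and trim WSP
    return name.lower() + b":" + value + b"\r\n"


def signed_data_digest(headers, h_tag: bytes, bh: str, l=None) -> str:
    """SHA-256 over what the signer actually signs: the h= fields, each taken
    bottom-up from the header block (RFC 6376 5.4.2), then the DKIM-Signature
    field with b= emptied.  d= and s= are placeholders (assumption)."""
    remaining = list(headers)
    chunks = []
    for want in h_tag.split(b":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == want.lower():
                chunks.append(relaxed_header(*remaining.pop(i)))
                break
    tags = [b"v=1", b"a=rsa-sha256", b"c=relaxed/relaxed", b"d=example.org",
            b"s=sel", b"h=" + h_tag, b"bh=" + bh.encode()]
    if l is not None:
        tags.append(b"l=%d" % l)
    tags.append(b"b=")
    chunks.append(relaxed_header(b"DKIM-Signature", b"; ".join(tags)).rstrip(b"\r\n"))
    return hashlib.sha256(b"".join(chunks)).hexdigest()


def verifies(orig_headers, orig_body, recv_headers, recv_body, h_tag, use_l):
    """Signer side: bh= and header digest over the original message.
    Verifier side: recompute bh= from the received body, compare with the signed
    value, then recompute the header digest over the received headers."""
    l = len(relaxed_body(orig_body)) if use_l else None
    bh = body_hash(orig_body, l)
    signed = signed_data_digest(orig_headers, h_tag, bh, l)
    if body_hash(recv_body, l) != bh:
        return False
    return signed_data_digest(recv_headers, h_tag, bh, l) == signed


def demo():
    """Four cases: appended footer with and without l=, and a rewritten Subject
    with Subject outside and inside h=."""
    tampered = [(n, b"Pay now") if n == b"Subject" else (n, v) for n, v in HEADERS]
    return {
        "append_with_l": verifies(HEADERS, BODY, HEADERS, BODY + FOOTER, b"Date:From:To", True),
        "append_without_l": verifies(HEADERS, BODY, HEADERS, BODY + FOOTER, b"Date:From:To", False),
        "subject_unsigned": verifies(HEADERS, BODY, tampered, BODY, b"Date:From:To", True),
        "subject_signed": verifies(HEADERS, BODY, tampered, BODY, b"Date:From:To:Subject", True),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'signature still verifies' if ok else 'signature fails'}")
```

The two cases that still verify are exactly the ones the poster is worried about: with l= set, anything appended after the signed length leaves bh= unchanged (the misuse RFC 6376 section 8.2 warns about), and with Subject outside h= the subject can be rewritten freely. A replay of such a message carries a valid signature by construction, so nothing in the DKIM or DMARC checks themselves flags it; only the volume visible in aggregate reports would.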