Re: [dmarc-ietf] The "policy" value and replay attacks
Franck Martin <fmartin@linkedin.com> Fri, 10 May 2013 17:54 UTC
Return-Path: <prvs=83596fa9f=fmartin@linkedin.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 706EC21F86DD for <dmarc@ietfa.amsl.com>; Fri, 10 May 2013 10:54:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.432
X-Spam-Level:
X-Spam-Status: No, score=-6.432 tagged_above=-999 required=5 tests=[AWL=-0.167, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCQmtWh0XOrj for <dmarc@ietfa.amsl.com>; Fri, 10 May 2013 10:54:21 -0700 (PDT)
Received: from esv4-mav04.corp.linkedin.com (esv4-mav04.corp.linkedin.com [69.28.149.80]) by ietfa.amsl.com (Postfix) with ESMTP id C5E0021F86D8 for <dmarc@ietf.org>; Fri, 10 May 2013 10:54:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linkedin.com; i=@linkedin.com; q=dns/txt; s=proddkim1024; t=1368208461; x=1399744461; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=pboQp/BYBP4Q0PEctkFzWZx1aR619OlEI+YKuis4KOY=; b=l6YUIE1RKxKd3GIVKC9um581/9c81SLg7Oj3b5pRd7pyw4lbM+NIzvv9 YLBIi5qY65ljw26pPDrdvL5gtcvb+kl098VqPJLKnBgyUKTGTMqsrsHc2 VzgQOxtBFSYcy5t7ZtTP1SLYDkBfeMrMOISpx+p+NSwF6HDEkDJb2RnKF U=;
X-IronPort-AV: E=Sophos;i="4.87,650,1363158000"; d="scan'208";a="47030868"
Received: from ESV4-MBX01.linkedin.biz ([fe80::d029:a1fa:62c4:2641]) by esv4-cas02.linkedin.biz ([172.18.46.142]) with mapi id 14.02.0328.011; Fri, 10 May 2013 10:54:11 -0700
From: Franck Martin <fmartin@linkedin.com>
To: Alessandro Vesely <vesely@tana.it>
Thread-Topic: [dmarc-ietf] The "policy" value and replay attacks
Thread-Index: AQHOTYSJbFDVOesBRU639fbOC76Nbpj/KRgA
Date: Fri, 10 May 2013 17:54:11 +0000
Message-ID: <77426B543150464AA3F30DF1A91365DE53067C6D@ESV4-MBX01.linkedin.biz>
References: <518CF993.2060900@tana.it>
In-Reply-To: <518CF993.2060900@tana.it>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.18.46.250]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <6782FBB99824994BAC3336E4618B0103@linkedin.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<dmarc@ietf.org>" <dmarc@ietf.org>
Subject: Re: [dmarc-ietf] The "policy" value and replay attacks
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dmarc>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 May 2013 17:54:25 -0000
If not mistaken this is the DKIM result, not the the DMARC-DKIM result, there is a whole confusion which one is which if you don't read carefully the spec, sometimes I get lost myself On May 10, 2013, at 6:43 AM, Alessandro Vesely <vesely@tana.it> wrote: > I consistently get this from a couple of dmarc generators (126 in this > case): > > <dkim> > <domain>tana.it</domain> > <result>neutral</result> > <human_result> > signature error: > DKIM-Signature could not parse or has bad tags/values > </human_result> > </dkim> > > That may refer to the fact that I don't sign some critical fields, > such as the subject and content-type, or to the fact that I use l= to > allow footers. Shouldn't that get a "policy" result, rather than > "neutral"? > > I produce such fettered signing as I found DKIM-Signatures survive > better through mailing list that way. I'll have to strengthen my DKIM > options in case of abuse, and suppose DMARC reports will make me > notice if someone manages to add a payload without breaking the sig > and then replays the message massively. However, I'm not clear on how > exactly replay attacks would be detected. Was that part of DMARC > requirements? > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc
- [dmarc-ietf] The "policy" value and replay attacks Alessandro Vesely
- Re: [dmarc-ietf] The "policy" value and replay at… Franck Martin