Ok, so there's a time window where it's possible to prove that you were the sender. And if I use a qualified timestamp service to sign all messages arriving in my inbox, then I can prove that you were the sender indefinitely.
Something like that, as long as you can also prove I hadn’t published the key prior to that. If I publish at random times and to random URL, that may be challenging.
Yes, but then it also encroaches on ability to verify that you were the sender when receiving the original email. Basically, unless the recipient also checks whether the current DKIM key has been published, then they can't trust it because it may be published. If it's being published at random times and to a random URL, then it's nearly impossible to actually check.
So I agree that it brings deniability, but I don't agree that it still meets the original purpose of verifying the sender.
That’s all true, but I bet 99.99% of all email is delivered within a minute or so of being send. There are exceptions, of course, but in practice the whole thing is pretty fast.
So there’s some threat modeling, too. Are you trying to email someone highly adversarial? Maybe you’re at a law office or such and that’s the case! This wouldn’t help a lot there. Not everyone is immediately forwarding all inbound mails to a timestamping service though.
(I don’t have skin in this game, so I’ll probably duck out after this. I don’t have opinions on whether publishing old DKIM keys is good or bad.)
> I bet 99.99% of all email is delivered within a minute or so of being send
No doubt that is true. However, given the total volume of email, even that tiny, tiny remaining fraction still represents actual mail with legitimate use-cases. So it's good to bear that fact in mind and not roughly implement 80-20 stuff that tramples on those.
