>>>>> "John" == John R Levine <johnl@xxxxxxxxx> writes: John> I should have been clearer, the assertion is "this is my John> user's key". >> Let's focus on the case where it's completely false, yet it's >> still reasonable to trust the domain to publish the right MX >> records. I'm not seeing that case at all, so I'd appreciate some >> help. John> A straightforward example is that the mail system, through John> malice or outside pressure, does an MITM attack on users who John> have their own keys, so it publishes a key it controls and John> re-encrypts mail on the way through to the user's own key. An John> outsider who had the old key might notice that the key John> changed, or if he didn't have the old key, probably not. I think this is OK. That's what you get for using a domain who does this sort of thing as your email provider. Especially if the domain insists on being able to decrypt email and this is their way of trying to not break encryption, I think you'll get better results than with the key servers. Yes, you have an annoying choice as a sender: trust the new key and let others read the encrypted traffic or use a key you get elsewhere and have your mail fail to deliver. So, no I don't consider this a case where this proposal results in the wrong thing happening. I do consider this proposal's handling of this case superior to the key servers.