>>>>> "John" == John R Levine <johnl@xxxxxxxxx> writes:
John> I should have been clearer, the assertion is "this is my
John> user's key".
>> Let's focus on the case where it's completely false, yet it's
>> still reasonable to trust the domain to publish the right MX
>> records. I'm not seeing that case at all, so I'd appreciate some
>> help.
John> A straightforward example is that the mail system, through
John> malice or outside pressure, does an MITM attack on users who
John> have their own keys, so it publishes a key it controls and
John> re-encrypts mail on the way through to the user's own key. An
John> outsider who had the old key might notice that the key
John> changed, or if he didn't have the old key, probably not.
I think this is OK.
That's what you get for using a domain who does this sort of thing as
your email provider.
Especially if the domain insists on being able to decrypt email and this
is their way of trying to not break encryption, I think you'll get
better results than with the key servers. Yes, you have an annoying
choice as a sender: trust the new key and let others read the encrypted
traffic or use a key you get elsewhere and have your mail fail to
deliver.
So, no I don't consider this a case where this proposal results in the
wrong thing happening.
I do consider this proposal's handling of this case superior to the key
servers.