[koolba]

Very cool research!

Is there any proof-of-existence archive of DKIM keys or DNS record changes in general? Seems like a perfect use case for blockchain[1]. If the DKIM keys were rolled over or replaced since they were originally sent out, there wouldn't be anything to compare them against. Having a record that can show proof-of-existence (at a min point in time) would cover that.

[1]: Ha! I knew there would eventually be a legit use case!

[robryk]

This just requires the inability-to-rewind property of the blockchain, doesn't require there to be one centralized log of events and doesn't require protections against flooding with data (if we verify that the DNS records are correct at the point of inserting). This makes a certificate-transparency-like solution just as good and much less complicated (one can arguably call that blockchain, but usually people mean by that things that can support a currency).

[EdHominem]

Well, we've been making validated structures where a checksum (essentially a pre-cryptographic hash) of the last data-block is included in the next since the sixties. (And I suspect much further back in an accounting context.)

The difference these days is a protection, via proof-of-work, against just creating a new, valid, chain by editing the old one.

That proof of work, to be translatable into a dollar value, requires a market for the proofs and that's the currency part. (Without that you don't know the true market value of the energy required for the PoW.)