[ocrow]

A global database of which DKIM keys were served by which mail domains on which day would not be hard for anyone to create and would make it possible to cryptographically validate the sending host after the fact, even for hosts that rotated and published old DKIM key pairs, surely? This technique to make old emails repudiable doesn't seem very robust.

[remram]

That does not break the scheme at all? In fact it is counting on it. The point is to publish the private keys, which would match the public keys in your database.

The point is to forge emails, not domain keys.

[gumby]

That would make the system even easier.

The point of this proposal is that with rotation someone could not prove that a message hadn’t been forged retrospectively. It would then be almost impossible to establish an airtight chain of custody