I should have been clearer, the assertion is "this is my user's key".
Let's focus on the case where it's completely false, yet it's still
reasonable to trust the domain to publish the right MX records. I'm not
seeing that case at all, so I'd appreciate some help.
A straightforward example is that the mail system, through malice or
outside pressure, does an MITM attack on users who have their own keys, so
it publishes a key it controls and re-encrypts mail on the way through to
the user's own key. An outsider who had the old key might notice that the
key changed, or if he didn't have the old key, probably not.
Or if I were a domain operator who was lazy in a certain sort of way,
rather than opening up my creaky provisioning software to add a way for my
users to put keys into my system, every once in a while I'd just pull
whatever keys I could find on outside key servers and publish those.
My point is that unless you know about the domain's relationship with its
users, keys provided this way are no more credible than keys from anywhere
else. DNSSEC has not added anything useful.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.