Yes, I've now read it and it answered those questions. But it also stumbled upon an easier possible solution without realizing it: if you wish to pretend you didn't send some emails, you can still claim that someone stole your password. Whether this claim will be believed or not, is independent of DKIM.
Spoofing is a better excuse than a stolen password only in the case of a single email. If there's a conversation spanning multiple messages, a spoofer wouldn't be able to properly answer the messages of the other party, as he doesn't receive them.
If someone lies that their password was stolen to hide them being the originator of a single email, who are they telling the lie? Is it a court? In many cases the person would be caught through behavioral analysis. They didn't change their password, so it wasn't really stolen. No other emails were improperly authored, so it wasn't really stolen. They never reported it to the email server owner, so it wasn't really stolen.
Lying isn't a stronger defense to perform abuse than weak keys are for stopping abuse.
> They didn't change their password, so it wasn't really stolen
You change your password only after you realize it got stolen. If you didn't realize it, then it makes sense you didn't change it. And, depending on the specific case, you could find plausible explanations also for the other points.
I used to spoof emails to my teachers in high school asking them to come to the principle's office asap, and email the principle from another random teacher at the same time for him to come to the class room, and that random teacher to expect the principal at a certain time. We'd be teacher free for quite awhile because the principal wasn't there, and our teacher was.
Sure, but my point was different: let's say one of your teacher answered the spoofed email from the principal, you wouldn't be able to (properly) answer that email since you wouldn't receive it. So, in the case of an email exchange between two people, one can't claim his/her emails were spoofed, as the spoofer wouldn't be able to answer the other party's emails in a precise and on topic way. This is without even considering that, bh default, most email clients include the previous messages inside a reply. Meaning that the spoofer would somehow be able to know the other party's reply exactly word by word.
If you publish DKIM keys, you don't have to convince anybody that you were targeted by someone who stole your password, because your stolen email spool no longer reveals to attackers the authenticity of your emails, which is what you as a user want.
No you don't. You just say "that email is fake and you can't prove otherwise", and you're right. What's almost more important is: there is no reason not to give users that affordance. They literally do not benefit from the non-repudiability of their email archive. The OTR paper got this right 20 years ago, and in the process basically created the entire field of secure messaging.
It is wild to see people argue against it! They're basically pleading with email providers to collude with attackers to violate their privacy.
I think here is where the problem isn't purely a technical one anymore. You're right that, from a legal perspective, there is a difference as the burden of proof would now be on someone else. But, if this actually matters or not, depends entirely on the situation. If you're a criminal trying to get away with something then the change in the burden of proof is all you need. If instead you're a politician trying to avoid some imbarassment, the situation isn't any different: you're claiming in both cases that someone is trying to frame you for something you didn't say. In one case, this person stole your password, in the other he/she used an old and by now publicly available DKIM key. But if people believe you or not (and this would be everything a politician would care about) depends on factors outside the scope of cryptography. Regarding OTR: IIRC it is based on a shared secret. This can work for IM, but it wouldn't scale for emails as it would pose the key distribution issues that made us discover public key cryptography.
If you are a politician trying to get away with something, the public might have an interest in your secure messaging system being bad, but you yourself do not. Secure messaging systems generally take the side of their users, not the public.
Sorry, I'm missing what you're trying to say here, maybe that a politician would be more careful about which message system he's using? I don't think that's necessarily the case.
Anyway, to further add to my point, depending on the context you don't even need to claim that someone stole your password. In the company where I am now , it is custom that, if someone finds out someone else didn't lock their computer, that someone sends an email (from the victim's account) to the whole office saying that the victim is going to bring cake to the office. DKIM is meant to prove that a message comes from an authorized server, but to prove the identity of the sender as well you need something more.
Edit: to be fair, I do get that with DKIM deniability gets harder. But I think that, for the average person, you would gain more in terms of spam and phising protection than what you loose. High profile targets have to take different security measures than the masses anyway.
What I'm saying is that the "crooked politician" use case you're talking about for DKIM is a way in which you're pleased that a messaging system is insecure, because that insecurity works in your favor (because you're not the user; you just want to violate that user's privacy). But no rational user would want that property for themself; they can only lose from it.
Thank you, I get it now. The reason why I focused on that specific example, is because it is used in the blog post as proof that DKIM is being actively used to prove that someone actually sent an email.
