I've responded to a subcomment below explaining why "emails from politicians must be leakable" is not a good argument against the author's case.
That said, I think this would be problematic on some levels not being considered. A good part of the world's email infrastructure is decentralized, and doesn't run on providers who update software well and often. If Google were to publish their keys after rotation, a new class of attacks could emerge where attackers could successfully forge authentic emails from Google that would look secure to an outdated provider. Nigerian prince 2.0 if you will.
Decentralization is one of email's biggest strengths. I agree with the premise here, but I don't think the solution is to publish keys. Perhaps moving to a protocol that explicitly provides non-repudiation while keeping backwards compatibility would work.
Can you point to any specific examples of systems that report DKIM signing status but fail to check the validity state of a DKIM signing key? That seems like an extraordinarily unlikely set of circumstances.
That said, I think this would be problematic on some levels not being considered. A good part of the world's email infrastructure is decentralized, and doesn't run on providers who update software well and often. If Google were to publish their keys after rotation, a new class of attacks could emerge where attackers could successfully forge authentic emails from Google that would look secure to an outdated provider. Nigerian prince 2.0 if you will.
Decentralization is one of email's biggest strengths. I agree with the premise here, but I don't think the solution is to publish keys. Perhaps moving to a protocol that explicitly provides non-repudiation while keeping backwards compatibility would work.