[messaging] Provable (private) conversation while allowing (somewhat) precise redaction

[Tamme Schichler]

Hi,

normally I just read this list but something just came up in a
conversation and I can't find any existing solutions:

Let's say A wants to talk with B privately (not necessarily securely,
but there can't be witnesses since the content of the conversation may
contain private matters). The problem is that B has a history of lying
about such conversations, so A wants to be able to prove as much as
becomes necessary to deflect allegations, but also little as possible to
protect the privacy of either side or third parties (or the other way
around, as usual the solution would ideally be symmetric).

It's possible to use OpenPGP to get somewhat near the intended
behaviour, but the chunks that would become unverifiable would become
very large. (If you quote the last message you received and go for a
strictly alternating conversation you lose unilateral proof for two
messages for any redaction in them.)

Ideally it would be possible to redact (but not reorder!) on word
boundaries without revealing how much was redacted, while also not
publishing signatures for the redacted parts (since they would be short
and too easy to brute-force, at least as I understand the topic).


I can sort of imagine a scheme that would allow this, but it would have
relatively heavy overhead and is far from anything I know in terms of
existing programs. (Basically it would create signed versions for all
eventualities, at least per message, during the conversation.)

It would be great if any of you knew a tool that allows a conversation
of this kind to take place.


Tamme