Brad Fitzpatrick (brad) wrote,

Verifiable AIM conversations

Digitally signed messages are cool, but they require the entire message to be signed and sent along to be verified. I thought it'd be cool if you could get a digitally signed message from somebody, forward a snippet of it along to somebody else, and still have that snippet be verifiable. (please, stop... I know all the arguments against why this would be a bad thing.)

But, I got thinking about the topic of verifiable AIM conversations. There, the idea of verifying any range of a conversation is important, especially as there is no state to an IM "session" with somebody.

So what we need is rolling signing. But you can't just have the server sign each line of text back and forth, because then lines of text could be removed or reordered and the result would still pass as authentic.

My idea: the server gives each line of conversation a unique identifier, and stamps each line with the identifier of the most immediately preceding line of text in the conversation (whether it be from either party), so long as it's within the last few hours (so the server doesn't have to store n^2 "lastid" strings). And a signature of its server key, which may change over time. Then, the server also sends back to the clients:

text (which includes, say, the "From:" field, for simplification)
HashOfChoice( uniqid + lastid + text + server_key )

Now, the client logs all that (just as gaim and other clients do), and AIM provides a verify service in the TOC/OSCAR protocol where you give uniqueid/lastid/text/hash and see if the hash is valid.

The server won't need to care about deleting/reordering validation ... that can all be done by the client with the uniqueid/lastid fields. And if a part is deleted, the client can just say, "these two ranges are verified, but something's missing here."

The only extra cost for the server is maintaining the "lastid" fields, which are temporal.
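The stamping, relaying and client-side chain walk described above, as an added example that is not from the post: HMAC-SHA256 stands in for HashOfChoice(uniqid + lastid + text + server_key), the verify service is a local method rather than a TOC/OSCAR request, and the key, conversation names and lines are constructed for the demo.

```python
import hashlib
import hmac
import itertools

# Constructed demo key; in the real design this is the server key, which may rotate.
SERVER_KEY = b"constructed-demo-server-key"


def stamp(uniqid, lastid, text, key=SERVER_KEY):
    """Keyed hash standing in for HashOfChoice(uniqid + lastid + text + server_key).
    Fields are length-prefixed so "ab"+"c" and "a"+"bc" cannot collide."""
    msg = b"".join(len(f).to_bytes(4, "big") + f
                   for f in (str(uniqid).encode(), str(lastid).encode(), text.encode()))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Server:
    """Relays lines, assigns ids, and remembers only the last id per conversation."""

    def __init__(self, key=SERVER_KEY):
        self.key = key
        self.ids = itertools.count(1)
        self.lastid = {}  # conversation -> id of the most recent line (temporal state)

    def relay(self, conv, text):
        uid, last = next(self.ids), self.lastid.get(conv, 0)  # 0 = no preceding line
        self.lastid[conv] = uid
        return {"uniqid": uid, "lastid": last, "text": text,
                "hash": stamp(uid, last, text, self.key)}

    def verify(self, line):
        """The verify service: recompute the stamp and compare in constant time."""
        expected = stamp(line["uniqid"], line["lastid"], line["text"], self.key)
        return hmac.compare_digest(expected, line["hash"])


def audit(server, log):
    """Client side for one conversation: drop lines the server rejects, then walk the
    lastid chain and report the contiguous verified ranges (a gap means deleted lines)."""
    ok, rejected = [], []
    for line in log:
        (ok if server.verify(line) else rejected).append(line)
    ok.sort(key=lambda l: l["uniqid"])  # order in the log file is irrelevant; the chain decides
    ranges, start, prev = [], None, None
    for line in ok:
        if prev is not None and line["lastid"] != prev:  # chain broken: something is missing
            ranges.append((start, prev))
            start = None
        if start is None:
            start = line["uniqid"]
        prev = line["uniqid"]
    if start is not None:
        ranges.append((start, prev))
    return ranges, [l["uniqid"] for l in rejected]
```

A forged or edited line fails verify and is reported by id; a deleted line shows up as a break between two verified ranges, which is exactly the "something's missing here" the client can state.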

Beautiful, no? Then people could actually prove snippets of AIM conversations took place and weren't forged.

Punch a hole in my idea, cryptanalysts!
