[Cryptography] Proposal of a fair contract signing protocol

[Ray Dillinger]

On 06/13/2016 10:26 AM, Allen wrote:

> I believe the original poster is proposing a technical solution that
> provides hard-to-refute proof, i.e., something more than just
> he-said-she-said or "this is the record of all communications" vs "no it's
> not, that is forged, here's the true record".

I do not understand how that is an issue.

Surely, if each message contains the hash of messages received so far,
then the last message (at any time) contains the root of a Merkle tree
demonstrating the complete correspondence record.  There is no way for
Bob or Alice to continue correspondence while keeping the other ignorant
of what is and isn't on the official record of their correspondence, and
either can prove the existence and receipt of any message ever responded
to "on the record" by the other.

At any moment, both correspondents have a complete record of everything
the other has acknowledged "on the record", and anything not
acknowledged is inoperative as part of the record anyway because the
other party might not have even received it. It can be resent, and any
further messages originating from the sender will include its hash, or
else the correspondence can just plain stop until it's acknowledged.

				Bear

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160613/502557e7/attachment.sig>