It's got to be simpler than I'm imagining it. Both sides could have independent secrets, like MS1 = hash(S1, my public key), and YS1 = hash(S1, your public key), then we discard S1. So if I just send messages with MS1, MS2, MS3, and MS4, and advance to MS5, if you get any of those, you can try MS1, MS2, MS3, and MS4 in sequence, and once you hit a match, like MS3, you can advance to MS4, discarding MS1-3. While still remaining at YS1. And if the message with MS2 then arrives, it doesn't matter because the message in MS3 overrides it. So each message must override the previous one, including all the same info as if previous messages never arrived at all.
But each of these secrets corresponds to a KSK, so you would end up doing an uncountable number of KSK searches to get all the messages I send, whereas if I only ratcheted when I got a message from you, you'd only have to search for MS1 and MS2, regardless of how many messages I send in a row. I guess there could be an... IHAVE message or something so you'd say YS1(IHAVE MS3) and I could retransmit the other three messages under MS5, MS6 and MS7 (since I already discarded MS1-4 myself. But I don't think retransmission is necessary, when each message is just a CHK to the current complete conversation state, with past messages removed to some degree. Seems like ratcheting could be ignored altogether if the user hits a switch saying "Log my private messages." PFS doesn't matter if you kept a copy of all the messages on your disk when they get you, and if they never get you, then they can't break the encryption even once. But it's stupid to assume that everyone's security model requires forgetting everything your friends have shared with you over the years and never being able to refer back to it. I know people whose reason for refusing to use Tox or Retroshare is because they value having chat logs. And high latency communication is by nature less ephemeral than real time chat, so not logging has questionable benefit to all but the most at-risk. But on the other hand people have been incarcerated for the crime of keeping their own logs, so maybe the ones who want to are making a mistake? It's hard to draw the line between forward secrecy and remembering the past.
