GET_AUTHORITY_SNAPSHOT — Group 21, Code 2
Download the full authority list for an epoch. Used on first contact or after missing several epochs.
Design-stage — parameters are a first draft
Field sizes are drafted from raidax/ideas_for_suspect_raida_servers.txt (Addenda 5–7) and are not final or implementation-verified. The body is encrypted per the header ENC_CODE; see below.
Phase I — essential
This command is part of the Phase I minimum needed for a coin to move from root to suspect (and back) and be trusted by a workstation. The authority list itself; authentication needs it.
How it works
This downloads the full list of coins whose authority has been moved away from the root server, and where each now lives. A client fetches this the first time it needs the data, or after it has been offline long enough to miss several epochs.
The list only contains coins that have actually moved — if a coin is not in the list, it is still on the root, so the list stays small. Critically, the whole snapshot is stamped with an AES-CMAC computed by the root under a key the client shares with it. That lets the client verify the list is genuine and untampered even though it may have downloaded it from a mirror server rather than the root itself. A mirror can serve the data but cannot forge it.
Direction & encryption
- Direction: client → mirror
- ENC_CODE: per client policy
Request Body parameters
| Field | Bytes | Description |
|---|---|---|
| CH (challenge) | 16 | Standard challenge / replay protection (per header convention). |
| epoch | 4 | Epoch id to fetch. |
| want_format | 1 | 0 = raw, 1 = compressed. |
| EOF | 2 | Terminator (0x3E3E). |
Response Body parameters
| Field | Bytes | Description |
|---|---|---|
| epoch | 4 | Epoch id covered. |
| count | 4 | Number of entries. |
| entries | var | Repeating: DN(1) + SN(4) + authority_id(2) = 7 bytes each. Lists only MOVED coins (absent = root). Sorted by (DN,SN). |
| CMAC | 16 | AES-CMAC over (epoch || entries). |