ADMIT_SUSPECT_PEER — Group 4, Code 46
Admin: provision a suspect server into the inter-RAIDA key fabric using its own coin (establishing K_rs). Extends the Key Exchange group.
Design-stage — parameters are a first draft
Field sizes are drafted from raidax/ideas_for_suspect_raida_servers.txt (Addenda 5–7) and are not final or implementation-verified. The body is encrypted per the header ENC_CODE; see below.
Phase I — essential
This command is part of the Phase I minimum needed for a coin to move from root to suspect (and back) and be trusted by a workstation. It enrolls a suspect; no server-to-server step works without it.
How it works
Before a suspect server can take part in moves at all, it must be enrolled so that it and the root share a secret key to talk securely. This administrative command does that enrollment. The suspect is given (or registers) its own CloudCoin, and the secret of that coin becomes the basis of the shared root–suspect key (referred to as K_rs).
That shared key is what lets later server-to-server steps — validating move tickets, transferring coins, publishing authority lists — be authenticated with AES, no public-key cryptography required. Only an administrator can run this, since admitting a new authority into the system is a trust decision. After admission, the suspect is a recognized peer that the root will cooperate with on moves.
Direction & encryption
- Direction: admin → root
- ENC_CODE: admin-authenticated
Request Body parameters
| Field | Bytes | Description |
|---|---|---|
| CH (challenge) | 16 | Standard challenge / replay protection (per header convention). |
| suspect_id | 2 | Server id to admit. |
| suspect_DN | 1 | Denomination of the suspect's own coin. |
| suspect_SN | 4 | Serial number of the suspect's own coin. |
| key_selector | 2 | Selector for the K_rs key. |
| EOF | 2 | Terminator (0x3E3E). |
Response Body parameters
| Field | Bytes | Description |
|---|---|---|
| admitted | 1 | 1 = peer admitted; K_rs established. |
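The drafted request and response layouts above, as an added example (not code from the RAIDA project): a packer and strict parser for the plaintext body, before or after the ENC_CODE encryption layer. The function and class names are hypothetical, and big-endian integers and a response body of exactly one byte are assumptions the page does not state.

```python
import os
import struct
from typing import NamedTuple

# Layout from the Request Body table: CH(16) suspect_id(2) suspect_DN(1)
# suspect_SN(4) key_selector(2) EOF(2) = 27 bytes.
# ASSUMPTION: multi-byte integers are big-endian; the page gives no byte order.
_BODY = struct.Struct(">16sHBIH2s")
EOF = b"\x3e\x3e"

class AdmitRequest(NamedTuple):
    challenge: bytes
    suspect_id: int
    suspect_dn: int
    suspect_sn: int
    key_selector: int

def pack_admit_request(req: AdmitRequest) -> bytes:
    """Serialize the plaintext body (encryption per ENC_CODE happens afterwards)."""
    if len(req.challenge) != 16:  # struct would silently pad or truncate CH
        raise ValueError("CH must be exactly 16 bytes")
    try:
        return _BODY.pack(req.challenge, req.suspect_id, req.suspect_dn,
                          req.suspect_sn, req.key_selector, EOF)
    except struct.error as exc:  # value does not fit its drafted field width
        raise ValueError(f"field out of range: {exc}") from exc

def parse_admit_request(body: bytes) -> AdmitRequest:
    """Parse a decrypted body, rejecting wrong lengths and a bad terminator."""
    if len(body) != _BODY.size:
        raise ValueError(f"expected {_BODY.size} bytes, got {len(body)}")
    *fields, eof = _BODY.unpack(body)
    if eof != EOF:
        raise ValueError("missing 0x3E3E terminator")
    return AdmitRequest(*fields)

def parse_admit_response(body: bytes) -> bool:
    """ASSUMPTION: body is one byte; only the value 1 means 'admitted'."""
    if len(body) != 1:
        raise ValueError("response body must be exactly 1 byte")
    return body[0] == 1

# Constructed sample values, not taken from any real deployment.
SAMPLE = AdmitRequest(os.urandom(16), suspect_id=7, suspect_dn=1,
                      suspect_sn=123456, key_selector=1)
```

Because the field sizes are a first draft, the format string and the length check are the only places that need to change if the widths move.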