ROTATE_INTER_RAIDA_KEY — Group 4, Code 47
Admin: rotate K_rs / complete the key_selector protocol for a suspect peer.
Design-stage — parameters are a first draft
Field sizes are drafted from raidax/ideas_for_suspect_raida_servers.txt (Addenda 5–7) and are not final or implementation-verified. The body is encrypted per the header ENC_CODE; see below.
Phase II — later
This command is Phase II: convenience, recovery, or optimization that is not required for the first working move. Key hygiene; not needed to ship the first move.
How it works
Good security practice is to change shared secrets periodically and to be able to replace one that may be compromised. ROTATE_INTER_RAIDA_KEY lets an administrator refresh the secret key shared between the root and a suspect server (the K_rs established when the suspect was admitted).
It selects a new key version (completing the “key selector” mechanism the protocol uses to pick which shared key applies) so that future server-to-server messages use the new key. Like admission, it is an administrator-only operation. The reply confirms the rotation took effect.
Direction & encryption
- Direction: admin → root
- ENC_CODE: admin-authenticated
Request Body parameters
| Field | Bytes | Description |
|---|---|---|
| CH (challenge) | 16 | Standard challenge / replay protection (per header convention). |
| suspect_id | 2 | Peer whose key to rotate. |
| new_key_selector | 2 | New selector value. |
| EOF | 2 | Terminator (0x3E3E). |
Response Body parameters
| Field | Bytes | Description |
|---|---|---|
| rotated | 1 | 1 = key rotated. |