3 files changed, 18 insertions, 7 deletions

diff --git a/node/CertificateOfMembership.hpp b/node/CertificateOfMembership.hpp
index 304111d6..2d7c2cb3 100644
--- a/node/CertificateOfMembership.hpp
+++ b/node/CertificateOfMembership.hpp
@@ -34,11 +34,6 @@
 #include "Utils.hpp"
 
 /**
- * Default window of time for certificate agreement
- */
-#define ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA (ZT_NETWORK_AUTOCONF_DELAY * 5)
-
-/**
  * Maximum number of qualifiers allowed in a COM (absolute max: 65535)
  */
 #define ZT_NETWORK_COM_MAX_QUALIFIERS 8
diff --git a/node/Membership.hpp b/node/Membership.hpp
index 92bd7ebf..a845b992 100644
--- a/node/Membership.hpp
+++ b/node/Membership.hpp
@@ -32,10 +32,10 @@
 #include "NetworkConfig.hpp"
 
 // Expiration time for capability and tag cache
-#define ZT_MEMBERSHIP_STATE_EXPIRATION_TIME (ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA * 4)
+#define ZT_MEMBERSHIP_STATE_EXPIRATION_TIME 600000
 
 // Expiration time for Memberships (used in Peer::clean())
-#define ZT_MEMBERSHIP_EXPIRATION_TIME (ZT_MEMBERSHIP_STATE_EXPIRATION_TIME * 4)
+#define ZT_MEMBERSHIP_EXPIRATION_TIME (ZT_MEMBERSHIP_STATE_EXPIRATION_TIME * 2)
 
 namespace ZeroTier {
 
diff --git a/node/NetworkConfig.hpp b/node/NetworkConfig.hpp
index a853d020..e1a4e302 100644
--- a/node/NetworkConfig.hpp
+++ b/node/NetworkConfig.hpp
@@ -41,6 +41,22 @@
 #include "Identity.hpp"
 
 /**
+ * Default maximum credential TTL and maxDelta for COM timestamps
+ *
+ * The current value is two hours, providing ample time for a controller to
+ * experience fail-over, etc.
+ */
+#define ZT_NETWORKCONFIG_DEFAULT_MAX_CREDENTIAL_TTL 7200000ULL
+
+/**
+ * Default minimum credential TTL and maxDelta for COM timestamps
+ *
+ * This is just slightly over three minutes and provides three retries for
+ * all currently online members to refresh.
+ */
+#define ZT_NETWORKCONFIG_DEFAULT_MIN_CREDENTIAL_TTL 185000ULL
+
+/**
  * Flag: allow passive bridging (experimental)
  */
 #define ZT_NETWORKCONFIG_FLAG_ALLOW_PASSIVE_BRIDGING 0x0000000000000001ULL