From 32fa0617004e80c99b341eb1b4753705b515b53a Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Tue, 23 Aug 2016 13:02:59 -0700
Subject: Compute credential TTL et al.

---
 node/CertificateOfMembership.hpp | 5 -----
 node/Membership.hpp | 4 ++--
 node/NetworkConfig.hpp | 16 ++++++++++++++++
 3 files changed, 18 insertions(+), 7 deletions(-)
(limited to 'node')

diff --git a/node/CertificateOfMembership.hpp b/node/CertificateOfMembership.hpp
index 304111d6..2d7c2cb3 100644
--- a/node/CertificateOfMembership.hpp
+++ b/node/CertificateOfMembership.hpp
@@ -33,11 +33,6 @@
 #include "Identity.hpp"
 #include "Utils.hpp"
-/**
- * Default window of time for certificate agreement
- */
-#define ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA (ZT_NETWORK_AUTOCONF_DELAY * 5)
-
 /**
  * Maximum number of qualifiers allowed in a COM (absolute max: 65535)
  */
diff --git a/node/Membership.hpp b/node/Membership.hpp
index 92bd7ebf..a845b992 100644
--- a/node/Membership.hpp
+++ b/node/Membership.hpp
@@ -32,10 +32,10 @@
 #include "NetworkConfig.hpp"
 // Expiration time for capability and tag cache
-#define ZT_MEMBERSHIP_STATE_EXPIRATION_TIME (ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA * 4)
+#define ZT_MEMBERSHIP_STATE_EXPIRATION_TIME 600000
 // Expiration time for Memberships (used in Peer::clean())
-#define ZT_MEMBERSHIP_EXPIRATION_TIME (ZT_MEMBERSHIP_STATE_EXPIRATION_TIME * 4)
+#define ZT_MEMBERSHIP_EXPIRATION_TIME (ZT_MEMBERSHIP_STATE_EXPIRATION_TIME * 2)
 namespace ZeroTier {
diff --git a/node/NetworkConfig.hpp b/node/NetworkConfig.hpp
index a853d020..e1a4e302 100644
--- a/node/NetworkConfig.hpp
+++ b/node/NetworkConfig.hpp
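Review bot: `ZT_MEMBERSHIP_STATE_EXPIRATION_TIME 600000` replaces a derived expression with a bare literal that carries no unit and no stated relationship to the credential TTL defaults this same commit adds to NetworkConfig.hpp, which Membership.hpp includes directly above. If the unit is milliseconds as it is for those TTLs, the cached capability/tag state now lives 10 minutes while a credential may by default stay valid for up to 2 hours; that may be intentional for a cache, but the reason should be stated so the two constants are not tuned independently later, e.g. `#define ZT_MEMBERSHIP_STATE_EXPIRATION_TIME 600000 // ms (10 min); intentionally shorter than ZT_NETWORKCONFIG_DEFAULT_MAX_CREDENTIAL_TTL so stale caps/tags are re-requested`. Since `ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA` is deleted in the first hunk, any remaining reference to it outside these three files (not visible here) will no longer compile, so the whole tree should be grepped before merging.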
@@ -40,6 +40,22 @@
 #include "Dictionary.hpp"
 #include "Identity.hpp"
+/**
+ * Default maximum credential TTL and maxDelta for COM timestamps
+ *
+ * The current value is two hours, providing ample time for a controller to
+ * experience fail-over, etc.
+ */
+#define ZT_NETWORKCONFIG_DEFAULT_MAX_CREDENTIAL_TTL 7200000ULL
+
+/**
+ * Default minimum credential TTL and maxDelta for COM timestamps
+ *
+ * This is just slightly over three minutes and provides three retries for
+ * all currently online members to refresh.
+ */
+#define ZT_NETWORKCONFIG_DEFAULT_MIN_CREDENTIAL_TTL 185000ULL
+
 /**
  * Flag: allow passive bridging (experimental)
  */
-- cgit v1.2.3
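Review bot: Neither Doxygen block states the unit of `ZT_NETWORKCONFIG_DEFAULT_MAX_CREDENTIAL_TTL` / `ZT_NETWORKCONFIG_DEFAULT_MIN_CREDENTIAL_TTL`; "two hours" and "three minutes" only let a reader infer milliseconds from 7200000 and 185000, so the first line of each comment should say it, e.g. ` * Default maximum credential TTL and maxDelta for COM timestamps, in milliseconds`. The minimum's "three retries" justification presumably derives from a refresh interval such as the `ZT_NETWORK_AUTOCONF_DELAY` that the deleted COM macro was expressed in; naming that constant in the comment (or defining the minimum in terms of it) would keep the two from drifting apart. Because the same value also serves as the COM timestamp maxDelta, the two-hour default bounds how long a member holding an older COM is still accepted after a network's credentials are reissued; that trade-off between controller fail-over tolerance and credential freshness is worth a sentence in the comment so operators know what lowering the value buys.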