
Docs and a bit of cleanup. In particular ALL makes no sense for revocations because they have IDs. In that case you would just revoke the COM.

Adam Ierymenko 8 vuotta sitten
vanhempi
commit
010d0a7d56
4 muutettua tiedostoa jossa 34 lisäystä ja 3 poistoa
  1. 5 0
      node/Capability.hpp
  2. 15 0
      node/CertificateOfRepresentation.hpp
  3. 1 2
      node/Membership.cpp
  4. 13 1
      node/Revocation.hpp

+ 5 - 0
node/Capability.hpp

@@ -52,6 +52,11 @@ class RuntimeEnvironment;
  *
  * Note that this is after evaluation of network scope rules and only if
  * network scope rules do not deliver an explicit match.
+ *
+ * Capabilities support a chain of custody. This is currently unused but
+ * in the future would allow the publication of capabilities that can be
+ * handed off between nodes. Limited transferrability of capabilities is
+ * a feature of true capability based security.
  */
 class Capability
 {

+ 15 - 0
node/CertificateOfRepresentation.hpp

@@ -32,6 +32,21 @@
 
 namespace ZeroTier {
 
+/**
+ * A signed enumeration of a node's roots (planet and moons)
+ *
+ * This is sent as part of HELLO and attests to which roots a node trusts
+ * to represent it on the network. Federated roots (moons) can send these
+ * further upstream to tell global roots which nodes they represent, making
+ * them reachable via federated roots if they are not reachable directly.
+ *
+ * As of 1.2.0 this is sent but not used. Right now nodes still always
+ * announce to planetary roots no matter what. In the future this can be
+ * used to implement even better fault tolerance for federation for the
+ * no roots are reachable case as well as a "privacy mode" where federated
+ * roots can shield nodes entirely and p2p connectivity behind them can
+ * be disabled. This will be desirable for a number of use cases.
+ */
 class CertificateOfRepresentation
 {
 public:

+ 1 - 2
node/Membership.cpp

@@ -223,8 +223,7 @@ Membership::AddCredentialResult Membership::addCredential(const RuntimeEnvironme
 			const uint64_t now = RR->node->now();
 			switch(rev.type()) {
 				default:
-				//case Revocation::CREDENTIAL_TYPE_ALL:
-					return ( (_revokeCom(rev)||_revokeCap(rev,now)||_revokeTag(rev,now)||_revokeCoo(rev,now)) ? ADD_ACCEPTED_NEW : ADD_ACCEPTED_REDUNDANT );
+					return ADD_REJECTED;
 				case Revocation::CREDENTIAL_TYPE_COM:
 					return (_revokeCom(rev) ? ADD_ACCEPTED_NEW : ADD_ACCEPTED_REDUNDANT);
 				case Revocation::CREDENTIAL_TYPE_CAPABILITY:
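Review bot: The `default:` label that now fronts `return ADD_REJECTED;` silently covers two distinct things, the zero value (`CREDENTIAL_TYPE_NULL`, which is also what the `memset(this,0,sizeof(Revocation))` in Revocation.hpp leaves behind) and any type value this build does not recognise, and nothing at the site records that both are meant to be refused. A one-line comment above the return would stop the next reader from reinstating the old fan-out, e.g. `// CREDENTIAL_TYPE_NULL (unset/zeroed) or a type unknown to this build: refuse rather than guess`. Rejecting is the right choice here, since a revocation carrying a type this node cannot map must not be widened into revoking unrelated credentials, so the comment should say that the rejection is deliberate rather than a placeholder. `Membership::addCredential` begins and the `switch` ends outside the hunk.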

+ 13 - 1
node/Revocation.hpp

@@ -47,9 +47,12 @@ class RuntimeEnvironment;
 class Revocation
 {
 public:
+	/**
+	 * Credential type being revoked
+	 */
 	enum CredentialType
 	{
-		CREDENTIAL_TYPE_ALL = 0,
+		CREDENTIAL_TYPE_NULL = 0,
 		CREDENTIAL_TYPE_COM = 1, // CertificateOfMembership
 		CREDENTIAL_TYPE_CAPABILITY = 2,
 		CREDENTIAL_TYPE_TAG = 3,
@@ -61,6 +64,15 @@ public:
 		memset(this,0,sizeof(Revocation));
 	}
 
+	/**
+	 * @param i ID (arbitrary for revocations, currently random)
+	 * @param nwid Network ID
+	 * @param cid Credential ID being revoked (0 for all or for COMs, which lack IDs)
+	 * @param thr Revocation time threshold before which credentials will be revoked
+	 * @param fl Flags
+	 * @param tgt Target node whose credential(s) are being revoked
+	 * @param ct Credential type being revoked
+	 */
 	Revocation(const uint64_t i,const uint64_t nwid,const uint64_t cid,const uint64_t thr,const uint64_t fl,const Address &tgt,const CredentialType ct) :
 		_id(i),
 		_networkId(nwid),
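Review bot: The renamed enumerator `CREDENTIAL_TYPE_NULL = 0` gets no comment of its own, while every reader will ask what a "null" credential type is and whether it can appear on the wire; the new block comment above the enum only says "Credential type being revoked". Since 0 is the value the `memset(this,0,sizeof(Revocation))` in the second hunk leaves in `_type`, and this commit's Membership.cpp change rejects it through `default:`, the enumerator should say so: `CREDENTIAL_TYPE_NULL = 0, // unset/invalid: the zeroed-constructor state, never a valid type to send or accept`. Keeping the numeric value at 0 means the rename does not alter the serialized encoding, which is worth one sentence in the enum comment so nobody later reuses 0 for a real type. The constructor whose initializer list starts at the end of the second hunk continues outside it.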