> How do you handle the do-before-thinking devs?
replyIsn't that exactly what tailscale is built to accommodate - zero trust?
You set up ACLs and other permissions to not allow people to do more than the damage you can tolerate.
Zerconf ≠ zero trust. The difference could not be more material in this context.
replyIf both sides of your ssh tunnel (pub,private keys) are under your control, in theory, that's "zero trust".
replyUnless one considers the meta data such as src/dest IP are visible to Tailscale sw.
Right?
'Zero trust' has a technical definition that's not really relevant here. See: https://en.wikipedia.org/wiki/Zero_trust.
replyThe concept is separate from 'zero config' (https://en.wikipedia.org/wiki/Zero-configuration_networking), which Tailscale's low technical barrier to entry evokes.