[apenwarr]

(I'm from Tailscale) You've nailed the problem statement, but we are trying to find a better solution.

The current "zero trust networking" trend is actually not about distrusting the endpoints; it's about distrusting the network, and securing the endpoints. Tailscale lets you distrust the network and allow only trusted endpoints, which is a step.

You're right that more steps are needed before we can also prevent CSRF/SSRF attacks on internal-private services, but that ought to be done at a higher level, not in every single app. The latter is just too error prone, as we see over and over.

[tprynn]

Curious what the higher-level solution to CSRF/SSRF is? I’m struggling to think how it could be prevented except at the browser level (for CSRF). And for SSRF if there’s a legitimate need for a network path between two services but one has an SSRF issue, how can you stop that?