by dvzk 1463 days ago
I've never used or examined Tailscale either, but I assumed that:

- Tailnet traffic needs to be associated with an approved device key

- Tailnet device addition needs to be signed by the offline key of another approved device

If a compromised control plane and/or SSO provider can add and approve devices on their own then the security architecture of Tailscale would be fundamentally broken. I wouldn't even call it end-to-end encrypted.
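
A minimal model of the two properties assumed in the comment above, written as an added example: it is not part of the comment and not Tailscale's code. The `Tailnet`, `Addition`, `Approve`, `Add` and `Allowed` names are hypothetical, and Ed25519 is an assumed choice of signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Addition is a hypothetical "add device" record: the new device key, the key
// of the approving device, and that device's signature over the new key.
type Addition struct {
	NewKey, Signer ed25519.PublicKey
	Sig            []byte
}

// Tailnet holds the approved device keys as each peer sees them (assumed model).
type Tailnet struct{ approved map[string]bool }

func NewTailnet(root ed25519.PublicKey) *Tailnet {
	return &Tailnet{approved: map[string]bool{string(root): true}}
}

// Approve signs a new device key with an already-approved device's private key.
func Approve(signer ed25519.PrivateKey, newKey ed25519.PublicKey) Addition {
	pub := signer.Public().(ed25519.PublicKey)
	return Addition{NewKey: newKey, Signer: pub, Sig: ed25519.Sign(signer, newKey)}
}

// Add accepts a record only if its signer is already approved and the signature
// verifies. Peers run this locally, so a relaying server cannot add a device alone.
func (t *Tailnet) Add(a Addition) error {
	if !t.approved[string(a.Signer)] {
		return errors.New("signer is not an approved device")
	}
	if !ed25519.Verify(a.Signer, a.NewKey, a.Sig) {
		return errors.New("bad signature on device addition")
	}
	t.approved[string(a.NewKey)] = true
	return nil
}

// Allowed reports whether traffic from this device key should be accepted.
func (t *Tailnet) Allowed(k ed25519.PublicKey) bool { return t.approved[string(k)] }

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil) // constructed sample keys
	laptopPub, _, _ := ed25519.GenerateKey(nil)
	t := NewTailnet(rootPub)
	fmt.Println(t.Add(Approve(rootPriv, laptopPub)), t.Allowed(laptopPub))
}
```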