How do you handle the do-before-thinking devs? Or the kinda low-to-mid performing devs? Most companies have one or a few of those, right? They help the company machine go around by doing the somewhat boring stuff over and over again.
Tailscale in a company/developer env seems awesome when you know what you are doing and (potentially) terrifying otherwise.
Does someone set up detailed ACLs for what's allowed? How well does that work?
> How do you handle the do-before-thinking devs?
Isn't that exactly what tailscale is built to accommodate - zero trust?
You set up ACLs and other permissions to not allow people to do more than the damage you can tolerate.
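A concrete version of that, added here as an example and not taken from this thread: a Tailscale policy file (HuJSON) in which devs only reach tagged staging hosts on a few ports, while only admins can assign tags or reach prod. The emails, tags and ports are placeholders; the commented-out rule is the allow-all default a new tailnet starts with.

```jsonc
// Constructed example tailnet policy. Emails, tags and ports are placeholders.
{
  "groups": {
    "group:admins": ["alice@example.com"],
    "group:devs":   ["bob@example.com", "carol@example.com"]
  },
  // Only admins may apply these tags, so a dev cannot relabel a laptop
  // as "prod" to widen their own access.
  "tagOwners": {
    "tag:prod":    ["group:admins"],
    "tag:staging": ["group:admins"]
  },
  "acls": [
    // Weak setting: the default rule in a new tailnet, everything reaches everything.
    // {"action": "accept", "src": ["*"], "dst": ["*:*"]},

    // Devs reach only staging, and only on the listed ports.
    {"action": "accept", "src": ["group:devs"],       "dst": ["tag:staging:22,443,5432"]},
    // Admins reach everything.
    {"action": "accept", "src": ["group:admins"],     "dst": ["*:*"]},
    // Everyone may talk to devices they own themselves (laptop <-> own workstation).
    {"action": "accept", "src": ["autogroup:member"], "dst": ["autogroup:self:*"]}
  ],
  // Tailscale SSH: devs get non-root shells on staging; prod SSH requires a
  // fresh re-authentication ("check") and is limited to admins.
  "ssh": [
    {"action": "accept", "src": ["group:devs"],   "dst": ["tag:staging"], "users": ["autogroup:nonroot"]},
    {"action": "check",  "src": ["group:admins"], "dst": ["tag:prod"],    "users": ["root", "autogroup:nonroot"]}
  ],
  // Assertions evaluated when the policy is saved; a failing test rejects the change,
  // which catches a rule edit that accidentally opens prod to devs.
  "tests": [
    {"src": "bob@example.com",   "accept": ["tag:staging:22"], "deny": ["tag:prod:22", "tag:staging:80"]},
    {"src": "alice@example.com", "accept": ["tag:prod:22"]}
  ]
}
```

The "tests" block is the part that answers the "how well does that work" question: it turns the intended restrictions into checks that run on every policy change rather than relying on someone remembering them.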
Zeroconf ≠ zero trust. The difference could not be more material in this context.
If both sides of your ssh tunnel (pub, private keys) are under your control, in theory, that's "zero trust".
Unless one considers the metadata such as src/dest IP are visible to Tailscale sw.
Right?
'Zero trust' has a technical definition that's not really relevant here. See: https://en.wikipedia.org/wiki/Zero_trust.
The concept is separate from 'zero config' (https://en.wikipedia.org/wiki/Zero-configuration_networking), which Tailscale's low technical barrier to entry evokes.