bananapub 9 days ago

Tailnet lock seems way, way less important for headscale than tailscale, given you personally control the headscale infra.

codethief 9 days ago

Depends on your threat model. Mine definitely includes one of my servers getting compromised. (Which, tbh, is probably more likely than Tailscale getting hacked.)

SuperShibe 9 days ago

Only until someone finds a zero-day in headscale (remember, it never got audited) or until the server running headscale itself gets compromised. Especially in countries where getting a dedicated public IPv4+IPv6 from your ISP is hard to impossible and you’d have to rely on a server hosted externally (unless you’re large enough to make deals with the ISP), some company hosting your server still retains at minimum physical control over your headscale infra. For why this is a problem, see the recent Oracle cloud breach.

botto 9 days ago

This is my thought as well: if you are in control, then you also control which nodes go on your tailnet.