I've said it before, but Zero Trust is such a misnomer. It implies less trust in firewalls, VPNs, and other network controls, but much more trust in the ability of end-user devices to securely store and use private keys. Also, the server side has to trust all incoming connections from the Internet enough to verify the certificates, and run a complicated TLS implementation, which can be a huge attack surface. We're sticking with WireGuard for all our internal users.
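For readers who want to see what the "smaller server-side surface" argument looks like in practice, here is an added example of the kind of WireGuard setup the comment alludes to. It is not the commenter's configuration; the interface name, addresses, port and key placeholders are assumptions chosen for illustration.

```ini
; Gateway side (wg0.conf). Added example, not the commenter's config.
; Every value below is an assumption for illustration.
[Interface]
Address    = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <gateway private key, generated with `wg genkey`>

; One [Peer] block per enrolled device. The peer's identity IS its public key;
; there is no certificate chain, CA, revocation list or TLS handshake to parse.
[Peer]
PublicKey    = <device-A public key>
PresharedKey = <optional per-peer PSK, `wg genpsk`>
; Only this /32 is accepted from (and routed to) this key. Anything else is dropped.
AllowedIPs   = 10.8.0.2/32

; Device side (wg0.conf on the laptop). Also part of the added example.
;[Interface]
;Address    = 10.8.0.2/32
;PrivateKey = <device-A private key>
;
;[Peer]
;PublicKey  = <gateway public key>
;Endpoint   = vpn.example.internal:51820
;AllowedIPs = 10.8.0.0/24
;PersistentKeepalive = 25
```

The point this illustrates: a UDP datagram arriving at port 51820 that does not carry a valid handshake for one of the listed public keys gets no reply at all, so an unauthenticated Internet host cannot even tell the port is open. The gateway's exposed parser is the Noise handshake in the WireGuard implementation, not a userspace TLS stack plus certificate verification.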
parliament32|3 days ago
hinkley|3 days ago