
Introducing tailnet lock: use Tailscale without trusting our infrastructure!

Blog post from Tailscale

Post Details
Author: Tom D'Netto and Adrian Dewhurst
Word Count: 1,218

Summary

Tailscale introduces "tailnet lock," a new security feature that lets users verify the public keys distributed by Tailscale's coordination server. The goal is that users no longer have to fully trust the coordination server: a node must be endorsed by a cryptographic signature from a trusted tailnet lock key before it can connect to other nodes. This endorsement mechanism helps prevent unauthorized or malicious nodes from joining a network, even if the coordination server were compromised. The implementation uses a tailnet key authority to manage the trusted tailnet lock keys, and it requires users to set up disablement secrets for emergency situations. Tailnet lock is currently in an alpha phase, accessible to select users, and Tailscale plans to improve the user experience by addressing certain limitations and expanding availability.