Tailscale user:
Is the profile / ACL a client receives cryptographically signed in some way?
Support:
The connection to the coordination server is authenticated so we know that the coordination server sent the update, but the update itself is not signed.