Is there any way to guarantee that I’m securely talking to one of my other Tailscale devices (or, even better, that I’m securely talking to a specific process on that Tailscale device) without additional auth and encryption? The former seems to be achievable on desktop by using the tailscale-cli (i.e. get status, then open tcp connection to certain device) but for all the other cases (e.g. mobile) I’m still unsure if this is even possible.
I believe you’re asking, how do you know that your device A is actually talking to your device B, in a way that you can independently verify?
Device A finds device B by looking for its public key in the Tailscale control plane. This key is added when your device is added to your tailnet, and revoked when you delete a device from your tailnet. Today, you have no way to independently verify this key is correctly managed (i.e. you effectively must trust Tailscale); but it is something we’re looking to make more transparent.
When device A and device B communicate, that connection has authentication, encryption, and integrity, using ChaCha20-Poly1305, implemented in WireGuard.
You can verify that these connections are occurring as expected by looking at the status, as you point out, or at logs from each device.
Or, it’s possible you’re asking, is the connection from device A to device B secure, or does it need additional authentication and encryption?
That depends on your threat model. If you are using Tailscale to authenticate your users to your network, and so are using an SSO provider to validate that someone is part of your organization, using the same SSO provider twice (in Tailscale, and again in the application itself) doesn’t really provide more security unless you’re hedging for one of the two implementations having a mistake. If you have a different set of controls in place for authentication, well, that’s much more complicated for your users, but might allow you to meet additional authentication needs. (Then I would ask - what do you need in Tailscale? Please file a feature request!)
The encryption provided by the cipher suite in WireGuard is considered best in class today, and doesn’t need additional encryption or authentication. You can read more about it here: Protocol & Cryptography - WireGuard
Thanks for your answer and sorry for my very vague question! I asked a new, more concrete question yesterday but wasn’t able to delete this one (How to discover other Tailscale devices on Android and iOS?).
More generally, I’m trying to build a decentralized application on top of Tailscale that automatically discovers other connected devices and regularly exchanges somewhat sensitive data with them without additional encryption (since Tailscale/Wireguard already encrypts as you mention). Apart from the discovery question (the new question linked above), I was worried that, after discovery, if a user temporarily disabled Tailscale on their mobile device, my application wouldn’t be able to tell and continue to try exchanging sensitive unencrypted messages with other devices.
I was worried that, after discovery, if a user temporarily disabled Tailscale on their mobile device, my application wouldn’t be able to tell and continue to try exchanging sensitive unencrypted messages with other devices.
If you mean that the user logs out of Tailscale, or turns Tailscale off, like on a mobile device, then no, it will not be able to establish a connection with another node, and so data won’t be transmitted.
If the device is removed from the network, then its node key is removed from the network. Other devices will not be able to connect to it, and it will not be able to connect to other devices.
Wouldn’t a malicious Wifi hotspot be able to respond from one of the 100.x.x.x IP addresses that Tailscale would have otherwise used, though? I was worried about that because I wasn’t sure if I/my program could check if Tailscale was running on mobile. However, like Avery said in that other thread it seems to be possible to get the Tailscale status even on mobile, so I believe it’s fine.
No, because:
- A WiFi hotspot isn’t a device on your network. It has no knowledge of Tailscale, and doesn’t run Tailscale, and so doesn’t have a 100.x.x.x IP address.
- The connection between devices is encrypted end to end. So even if a WiFi hotspot could intercept the traffic, it can’t read it, and it can’t create new fake communications.
I was talking about the case when Tailscale is off. Anyway, it seems like there is a way to check if Tailscale is running so it shouldn’t be a problem. Thanks for your help!
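The thread settles on two pre-flight checks before an application sends sensitive plaintext over the tailnet: the "get status, then connect" step from the opening question and first reply, and the "is Tailscale actually running right now" concern from the end. The following Python is an added example that is not code from the thread or from Tailscale; it shows both checks against a constructed sample in the shape of `tailscale status --json`. The field names used (`BackendState`, `Peer`, `HostName`, `DNSName`, `TailscaleIPs`, `Online`, `PublicKey`) are an assumption based on that CLI's JSON output, the hostnames and node keys are made up, and the optional expected-key comparison goes one step beyond the thread by letting the caller pin the node key it learned at discovery time so a replaced device is noticed.

```python
import ipaddress
import json
import socket
import subprocess
from typing import Optional

# Address ranges Tailscale assigns to nodes. 100.64.0.0/10 is the CGNAT range
# the thread calls "100.x.x.x"; the IPv6 ULA prefix is the other one.
TAILSCALE_RANGES = (
    ipaddress.ip_network("100.64.0.0/10"),
    ipaddress.ip_network("fd7a:115c:a1e0::/48"),
)

# Constructed sample in the shape of `tailscale status --json`. Field names are
# an assumption about the CLI's output; hostnames, keys and addresses are made up.
SAMPLE_STATUS = json.dumps({
    "BackendState": "Running",
    "Self": {"HostName": "laptop", "TailscaleIPs": ["100.101.102.103"]},
    "Peer": {
        "nodekey:aaaa": {
            "PublicKey": "nodekey:aaaa",
            "HostName": "phone",
            "DNSName": "phone.example.ts.net.",
            "TailscaleIPs": ["100.64.0.42", "fd7a:115c:a1e0::2a"],
            "Online": True,
        },
        "nodekey:bbbb": {
            "PublicKey": "nodekey:bbbb",
            "HostName": "old-phone",
            "DNSName": "old-phone.example.ts.net.",
            "TailscaleIPs": ["100.64.0.43"],
            "Online": False,
        },
    },
})


class PeerCheckError(Exception):
    """Raised when it is not safe to send plaintext to the requested peer."""


def load_live_status() -> str:
    """Ask the local daemon for its status; only works where the CLI is installed."""
    return subprocess.run(["tailscale", "status", "--json"],
                          capture_output=True, check=True, text=True).stdout


def resolve_peer(status_json: str, hostname: str,
                 expected_key: Optional[str] = None) -> str:
    """Return the Tailscale IPv4 address of `hostname`, or raise PeerCheckError.

    Refuses when the daemon is not running (the "Tailscale is off" case, where a
    100.x address would not be routed through WireGuard), when the peer is unknown
    or offline, when its node key differs from the one pinned at discovery, or
    when it has no address inside the Tailscale ranges.
    """
    status = json.loads(status_json)
    state = status.get("BackendState")
    if state != "Running":
        raise PeerCheckError(f"tailscale is not running (state={state!r})")
    for peer in status.get("Peer", {}).values():
        short_dns = peer.get("DNSName", "").rstrip(".").split(".")[0]
        if hostname in (peer.get("HostName"), short_dns):
            break
    else:
        raise PeerCheckError(f"no peer named {hostname!r} in the tailnet")
    if not peer.get("Online"):
        raise PeerCheckError(f"{hostname} is offline")
    if expected_key is not None and peer.get("PublicKey") != expected_key:
        raise PeerCheckError(f"{hostname} node key changed; re-verify the device")
    for ip in peer.get("TailscaleIPs", []):
        addr = ipaddress.ip_address(ip)
        if addr.version == 4 and any(addr in net for net in TAILSCALE_RANGES):
            return ip
    raise PeerCheckError(f"{hostname} has no Tailscale IPv4 address")


def peer_ok(status_json: str, hostname: str,
            expected_key: Optional[str] = None) -> bool:
    """Boolean form of resolve_peer for callers that just need a go/no-go."""
    try:
        resolve_peer(status_json, hostname, expected_key)
        return True
    except PeerCheckError:
        return False


def connect_to_peer(hostname: str, port: int,
                    expected_key: Optional[str] = None) -> socket.socket:
    """Re-run the checks against live status immediately before dialing."""
    ip = resolve_peer(load_live_status(), hostname, expected_key)
    return socket.create_connection((ip, port), timeout=5)


if __name__ == "__main__":
    print("sample:", resolve_peer(SAMPLE_STATUS, "phone", "nodekey:aaaa"))
    try:
        print("live:", resolve_peer(load_live_status(), "phone"))
    except (FileNotFoundError, subprocess.CalledProcessError, PeerCheckError) as exc:
        print("live check not possible:", exc)
```

Run the status check right before every send rather than once at startup, since the thread's whole concern is the window after discovery in which the user turns Tailscale off; a daemon that reports anything other than `Running` is treated as "do not send".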