I think Tailscale would be a great candidate for SQRL


warwagon

Active member
May 20, 2018
27
23
Iowa
After listening to the latest Security Now podcast and installing and
playing with Tailscale, I realized that SQRL would be a GREAT way to
authenticate your Tailscale account.

I know a lot of sites have great use cases for SQRL but this one especially. I think we should email them regarding a feature we would like to see. I mean SQRL adoption has to start somewhere.

 

PHolder

Well-known member
May 19, 2018
237
53
Yeah, I had that thought when I first encountered Tailscale (as a concept, I have never actually used it.) I actually even wrote them to discuss the topic. The answer I got back was basically a PFO. They are only seriously interested in Enterprise [SSO] integration, and that is not where SQRL is at this point in time.
 

Dave

Well-known member
May 19, 2018
129
20
Gardner, MA
> Yeah, I had that thought when I first encountered Tailscale (as a concept, I have never actually used it.) I actually even wrote them to discuss the topic. The answer I got back was basically a PFO. They are only seriously interested in Enterprise [SSO] integration, and that is not where SQRL is at this point in time.
New one on me: https://www.urbandictionary.com/define.php?term=PFO :ROFLMAO: (Though I guessed correctly on the last two letters.)
 

PHolder

> New one on me
For me I learned it from my days of having my resume rejected back when they would actually bother to contact you in person to let you know they were going with a different candidate.
 

frisbin

New member
Aug 11, 2021
1
0
SQRL and Tailscale would be great. I was about to sign up today, but they would not allow a simple email user registration. That is disappointing. Steve should mention this Tailscale shortcoming on SN.
 

PHolder

Here's what I sent and what I got back:

SQRL is designed to allow the user to be in control of their identity
and not give servers any credential to leak.
https://www.grc.com/sqrl/sqrl.htm https://sqrl.grc.com/ Would prefer
it to any of the 3rd party authentication providers because I don't
want to rely on someone like Google who can lock your account at any
point for any reason or can be socially engineered.

Reply from Tailscale:

Hello,

Currently we use 3rd party identity providers to authenticate accounts: Google (personal or GSuite/Workspace), Microsoft (personal, Azure AD, O365), Okta, Onelogin or in the case of large enterprise deployments, a custom OpenID connect or SAML identity provider. Of those, for the free personal plans you can choose Google or Microsoft.

We do have plans to add some additional providers in future, you can see the options we are considering at https://github.com/tailscale/tailscale/issues?q=is:issue+is:open+label:identity+ although there is no particular timeline for additional providers at present. If you would like to file an issue requesting SQRL, we can give it a look but I don't think it currently fits well into our data model which associates people with others in the same organization by matching e-mail address domain (so we require both identity and authentication). We are looking at improving our data model in future and SQRL may be more appropriate (so far I have only skimmed through the overview document) after that work is complete.

Of the authentication mechanisms we were already considering, perhaps https://github.com/tailscale/tailscale/issues/52#issuecomment-769421413 would be acceptable to you: a proposal to use DKIM-signed e-mail to perform authentication, which offers a mechanism that does not rely on 3rd party identity providers.

Adrian Dewhurst (he/him)
Member of Technical Staff | Tailscale | @tailscale
 

warwagon

> Reply from Tailscale:
> Here's what I sent and what I got back:
>
> in future and SQRL may be more appropriate (so far I have only skimmed through the overview document) after that work is complete.


Dave

> associates people with others in the same organization by matching e-mail address domain (so we require both identity and authentication)
Of course, as we all know, there is nothing about using SQRL that would preclude them from requiring identity information.