Compare · vs Tailscale
A great human VPN. A different architecture from Beacons.
Tailscale is well-engineered and beloved by developers running their own mesh of laptops and servers. Beacons starts from a different requirement: agents and humans as equal peers, identity rooted in cryptographic lineage, ACLs derived from organizational governance. Same wire — WireGuard — different control plane.
Identity model
Tailscale identity is anchored to a human SSO account (Google, Microsoft, Okta, etc.). Devices receive tailnet membership through a setup key tied to that account. This works well when every peer is a person.
Beacons identity is a `did:oas` rooted in a cryptographic lineage tree. Every peer — agent, server, ESP32, SIM — derives from a parent that signed its existence. Revoke a parent, and every descendant drops automatically. There are no setup keys.
Access control
Tailscale ACLs are hand-authored in HuJSON: 'these tags can reach those tags on these ports'. The author is a human who edits and re-deploys the policy file.
Beacons ACLs are derived. You write ENR governance — trusted roots, accepted entity kinds, required capability scopes, attestation issuers — once. The policy engine computes every ACL from that governance, continuously, whenever lineage / capability / attestation state changes.
Transports
Tailscale is WireGuard end-to-end. That's a strength when the device can run WireGuard.
Beacons is multi-transport from line one. WireGuard is the preferred default; userspace WireGuard, WebRTC, MQTT, CoAP, cellular IP, LoRa, and satellite IP are all first-class. An ESP32 can be a peer through MQTT brokered through a Raspberry Pi. A browser tab can be a peer through WebRTC. The policy engine never knows the difference.
Audit
Tailscale logs admin actions and connection events. Logs are queryable, but trust is rooted in the Tailscale company.
Beacons logs are Blake3 hash-chained per fleet and anchored on Sigil. The chain is verifiable independent of L1fe's infrastructure — anyone with the log can replay it and compare the root to a public blockchain transaction.
When to pick Tailscale
If your fleet is humans and their laptops and a handful of servers, Tailscale is excellent. It will probably be easier to set up.
If your fleet is humans <em>and</em> autonomous agents, with cellular IoT, with brokered MCUs, with policy that must derive from organizational governance — Beacons exists for that case.