What would be the pitfalls of Mesh ingress over the public internet?

Hi,

With the new Mesh ingress, and assuming that the receptor network is fully TLS, what would be a reason not to have execution nodes connect to the control plane over the big bad internet?

Currently we always have a VPN, but I see no technical reason why it should not work securely over the big bad internet. I always demanded a VPN, but this is not for technical reasons.