
Funny, the point of TLS is to prevent MITM attackers from reading traffic. The two install commands provided would give a LAN or MITM attacker root on your host.



Can you be more specific? The short lifetimes of these certs should also help with that right?


I believe, based on your "short lifetimes" comment, that you're mixing up TLS, designed to guard against the coffee shop scenario, with mTLS, designed to guard against interacting with your bank.

In the coffee shop scenario, run.linkerd.io does not need to know who you are, but you need to ensure it is actually run.linkerd.io and not some rando with a DNS hijack running.

In the banking scenario, you need to know bank.example is the institution you think it is, and they need to know who you are in order to only allow you access to the assets that are rightfully yours.

My comment was actually only mildly related to the mTLS content of the article, and more an observation that "good tutorial habits make for good security habits in readers," especially when the changes are so minor compared to their benefit.


Unfortunately no - the curl commands will by default go out over http, which does not use TLS at all or provide any guarantee of remote server integrity, just like plain TCP. So an attacker with the right network posture (say, they pwned your router or a hop between you and these servers) can just reply with plain HTTP and give you code that you will run.

Like op said, just tack on -f and https://, and remember to do this in the future.
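An added example (not from the thread) of the hardened form of the fetch the comment describes, with one caveat the thread doesn't mention: `--location` follows redirects, and without `--proto-redir` a redirect to `http://` would silently drop TLS again. `run.linkerd.io` is the host named upthread; the script path in the usage comment is a placeholder.

```sh
#!/bin/sh
# Hardened fetch of an install script. Compared with "curl ... | sh":
#  - refuses any URL that is not https:// before touching the network
#  - --fail: a non-2xx response exits non-zero instead of handing an
#    error page to the shell
#  - --proto '=https' / --proto-redir '=https': curl itself rejects plain
#    http on the first request and on any redirect, so a MITM cannot
#    downgrade the transport
#  - writes to a file so the script can be inspected before it is run
fetch_install_script() {
  url=$1
  out=${2:-install.sh}

  case "$url" in
    https://*) ;;
    *)
      printf 'refusing to fetch over a non-TLS URL: %s\n' "$url" >&2
      return 2
      ;;
  esac

  curl --fail --silent --show-error --location \
       --proto '=https' --proto-redir '=https' --tlsv1.2 \
       --output "$out" "$url"
}

# Usage (placeholder path, not the project's real one):
#   fetch_install_script https://run.linkerd.io/PLACEHOLDER-script ./install.sh \
#     && less ./install.sh && sh ./install.sh
```

Run the function with an `http://` URL to see it fail closed with status 2 without making any request.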



