I started reading the TrustZero paper. So far I am not impressed. Here's a quote: "Even though this architecture [zero-trust] was introduced in 2010, to this day, no real-world open-source reference applications have been made"

Umm, what? This concept of continous verificatiton of every user and device regardless of their locaton was invented in 2010? What about the entire cypherpunk movement?

There are no implementations of it? What about PGP? Bitcoin? FIDO2? Nostr? DIDs?

I'm going to keep reading and try to understand their perspective. I can't imagine they are not aware of these things, so I'm curious as to why they feel these don't qualify as being zero-trust.