True - but even those verifications need not be to the same standard as validating a brain surgeon’s before they operate on the queen. @Paul Clarke made my point only more concisely. Also, credential validation is another area where zero trust should apply - assume they can be compromised and apply additional controls. For the brain, you might want to draw on their web of trust, ie get references