Those who designed the early internet we still live with were business men – perfectly happy to rig the national and military telco infrastructure to suit their interests of their (US centric) business models. This means folks were use “R&D” to “make the case’ for that which they wanted anyways – revenue-generating and long term contracting practices that would underwrite huge capital investments that in turn gained them access to huge loans (for other business sector ventures applying the same kind o thing now to, say, the intelligence, or academic or commercial internet).
One has to look at IPSO and STU-III as two outliers in this space.
lets assume the above simply talks about end-user certs – bearing security labels, and device-certs loaded in trusted store on the device so device “capabilities” limit what user-certs might seek to have the device be used for.
This is rather a different world to the “secure IP phone” of the 1970s, in which the phone’s DCE/DTE interface could label the outgoing IP packet with an IPSO marking (much as today internet apps mark ethernet frames with priority markings, that the intelligent-switch then acts upon (or not, depending on whether the marking device is trusted or not).
Peter's ruminations 