Suppose, rhetorically, that we were to encrypt every IP packet using IPSEC.
What happens if a box takes your packet and deliver it to the "wrong"
address, for example to an ISP controlled cache? Well, the cache cannot do
anything with it, except drop it to the floor. We are thus faced with a
dilemma: not use IPSEC because it breaks the ISP provided "enhancement," or
If it delivered to the "wrong" address then the security technology
will have done its job, the user will become aware of the problems,
and the ISP will have been prevented from doing, in an undetectable
way, what folks were complaining about. sounds like success to me.