It's much worse than that.
In the End to End model, far too many of our problems require
changing all the end systems to solve. However, that's extremely
difficult to do, particularly as there is little or no incentive (the
DCA/DISA had guns, and control of the IMPs in 1982/1983 to force the
NCP->TCP/IP conversion - there is no equivalent agency today).
Almost all of the pressure created by the growth of the Internet is
on the network operators and their vendors (e.g. router vendors),
rather than on the users and the end systems (and the end system
vendors, e.g. PCs, Macs, Suns, etc).
It's also bad that there is little or no integration of intermediate
system vendors with end system vendors (or vice versa), because that
results in insufficient sharing of information between those two
industry segments. The IETF should be facilitating information
exchange, but it isn't working as well as it should (otherwise we
wouldn't have these problems, right?).
So, with nearly all the pressure on the operators and the vendors
that serve them, the "solutions" they come up with are necessarily
pretty ugly hacks (e.g. NAT, TCP spoofing, Firewalls) because they
have to deal with the reality that they can't change the end systems
themselves, or require them to be changed.
This is a structural problem. Until the situation changes, we're
going to keep on seeing ugly hacks that do violence to the Internet
architectural model deployed, marketed, touted as "solutions."
an author of RFC 1627,