we have lost some context here, the original idea included a router between the internal and external (the Net). this router drops all packet from the Net that purport to come from the internal ip address(es). Dunno about you, but my organization, where all of the machines are under common administrative control -- and hence are candidates for hosts.equiv status -- includes 130 people with their own workstations, at least six server-class machines, and 6 Ethernets, and is spread over two locations connected by part of a corporate LAN. Even just the New Jersey portion includes 107 people, 5 Ethernets, and 2 routers. Trust boundaries are administrative concepts, not physical ones. We need the flexibility to split a LAN based on load, without worrying if that will suddenly render useless either our security mechanisms or our ability to work together efficiently. If, in your environment, you have additional information you can take advantage of to increase your security, by all means do so. But the net as a whole needs a more general solution.