[mindslight]

Well, I removed "minor cost savings", because even that is being too charitable. Silicon is cheap, and it wouldn't take much of it to create a separate network processing domain on each node, which would perform all the functions of an IDS on cleartext, but working for the node's owner rather than whomever supplies them network transit. It's also better security with regards to heterogeneous nodes, telecommuting, unenumerable Internet links etc.

Information architectures can't help but being simultaneously technical and political. The original "End to End principle" came out of utterly technical concerns. But codified into a principle, it becomes "political". This is inevitable, because the drawbacks of poor engineering aren't felt immediately, and in fact can be quite beneficial in the short term.

There are of course plenty of vendors selling top-down "security". Right in this paper, they say "the market for such DPI devices is expected to grow to over $2B by 2018". Power tends to centralize until it collapses, which is why we as individuals must work to rebuke such trends.