That concept has been replaced for years at this point with Zero Trust. A greenfield project intended to the "The Protocol" tm should never have been made with such a broken threat model.

This is such a boring perspective. Zero Trust is the spherical cow of trust models. When you do a DHCP request to your local DHCP server, you're trusting that local relationship implicitly. When you PPPoE (or whatever) to your ISP, you're trusting that client/server relationship. When you DNS lookup www.google.com you're trusting the global DNS infrastructure. It goes on and on and on. Every communication from client to server necessarily requires some amount of trust by the client in the server by definition.