The problem is any non-cryptographic proof can be spoofed at infinite speed. Which really defeats the whole stack.

If you are inside a trusted network then yeah, maybe you don't need any of this. Then again, maybe you do, it's not like inside of an intranet we let human users go wild without cryptographic authentication...