If you are concerned about your IT controled device spoofing you, what are your chances of a man-in-the-middle pas-through ssl authentication? These techniques are already in practice. Extended validation trying to recoop some of the damage. EV comes at a price. One dropped EV check and your back to login. EV also has the additional burdon on every stage of the network. Unless I miss my guess... Juniper is moving where I think we have to go. MPLS supported SSL forwarding with QOS support. This whole argument goes back to 2001 UWTV discussion on stateful connections in a stateless Internet. I don't know about you but no company I know can afford to nail up static dedicated routes to all of their dependant liabilities. Gets to be a think or swim choice. Should enties that transport your SSL and have this technology be certified and bonded? I think so.