We have an Internet Architecture Board. But we don't have an architecture document. By which I mean a document that is kept up to date with the Internet architecture as realized. The end-to-end paper is not an architecture document. It predates DNS for a start. And one of the problems of making sense of where middleboxes and PKI and Software Defined Networking 'fit in' is that there is no reference model to provide a delta to.

Two of the reasons there is no IETF model are the OSI model. This is just good enough to be a substitute for an IETF model while simultaneously demonstrating the futility of modelling.

There is, however, a very simple modification to the OSI model that suddenly makes sense. The OSI model defines the layers in the architecture. What matters in a standards context is not what happens inside the layer, it is how that layer interfaces to other layers. So rather than looking at the 'Applications Layer', instead look at the Applications interface to the Transport layer beneath. And instead of the Transport layer, consider the interface between Transport and Network.

Modelling the Internet in this fashion allows us to broaden the definition of the Internet. At the Network layer the Internet is the set of devices that speak the IP protocol. But at the Application layer, the Internet is the set of devices that use the Internet class of the DNS to resolve names.

Each interface is characterized by the identifier used to mediate the transition to the layer beneath. So there really should be a layer between Applications and Transport because Applications use the DNS name identifier and Transport runs on IP addresses and port numbers. We might as well call the layer Presentation. Right now that Presentation layer is encoded into BSD sockets, which in turn are hardcoded to the hosts.txt-era Internet architecture.

A VPN is a filter on the Network interface. It sits above the Network layer and below the Transport layer. Software Defined Networking is a filter on the Data Link layer. TLS is a bit more than a filter because it involves DNS and PKI operations that are bundled into the sockets layer. It is really a presentation layer.

Looking at the Internet as it has evolved, it fits the 'interfaces' model really well. Building a formal model using the interfaces approach would be fairly straightforward.