Encrypting and authenticating all Internet packets by adding application-level crypto to each and every protocol in use seems like a Sisyphean task to me. IPSec is more ambitious because it is lower in the protocol stack, but if you really want to encrypt all the traffic on the Internet, that seems like a more plausible approach to me.

The question is, though, do we trust the host (IPsec) or the application (application-level crypto)?

It would be great if there were an easy-to-use crypto API that one could just plug into ones apps. Sadly, it is not the case, yet.