Anthony,

In the multi6 (multihoming in IPv6) working group, as one of many
proposals, we've been looking at putting a 64-bit host identifier in the bottom 64 bits of an IPv6 address. If such a host identifier is crypto-based (i.e., a hash of a public key) then it is possible to authenticate a host at any time regardless of where the host connects to the network at that particular time and without the need for a PKI or prior communication.

This is precisely the kind of mistake that will exhaust the entire IPv6 address space just as quickly as the IPv4 address space. Don't engineers ever learn from the past?

I can't claim to know too much about the specific details in the multi6 proposal, but there have been other efforts that use cryptographic identifiers as parts of addresses. However, I do not believe these proposals consume any more address space than, say, manual or EUI-64 based address assignment. There's still just one address consumed per node. Perhaps you were thinking that the address contains a MAC field? This isn't strictly speaking the case, at least not in the way that the MAC value would change from one packet to another.

Anyway, back to the subject of "national security"... I have a
question. The main goal appears to be the reduction of dependencies
between network parts, in order to prepare for catastrophic situations.
This is a useful goal, though I'm not sure I agree with all the listed
specific items. Are any of the issues that have been talked about being
addressed in the IEPREP WG, or is that group mainly focused on the SIP/
telecom type of issues only?

--Jari
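
The binding between a public key and the bottom 64 bits of an address, as discussed in the thread, sketched as an added example that is not part of the original message or of any multi6 draft. Assumptions: SHA-256 truncated to its first 8 bytes as the hash, constructed byte strings standing in for encoded public keys, and documentation prefixes; a real scheme would also have the host sign a challenge with the matching private key, which is omitted here.

```python
import hashlib
import hmac
import ipaddress

LOW64 = (1 << 64) - 1

def interface_id(public_key: bytes) -> int:
    """Host identifier: first 8 bytes of SHA-256 over the encoded public key."""
    return int.from_bytes(hashlib.sha256(public_key).digest()[:8], "big")

def make_address(prefix: str, public_key: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 routing prefix with the key-derived host identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id(public_key))

def host_identifier(addr) -> int:
    """Bottom 64 bits of an address, independent of the attachment point."""
    return int(ipaddress.IPv6Address(addr)) & LOW64

def key_matches_address(addr, public_key: bytes) -> bool:
    """Check that the presented key hashes to the identifier in the address."""
    claimed = host_identifier(addr).to_bytes(8, "big")
    expected = interface_id(public_key).to_bytes(8, "big")
    return hmac.compare_digest(claimed, expected)

# Constructed sample inputs (not real keys or real networks).
KEY_A = b"constructed-public-key-host-A"
KEY_B = b"constructed-public-key-host-B"
HOME = "2001:db8:1::/64"
VISITED = "2001:db8:2::/64"

if __name__ == "__main__":
    home_addr = make_address(HOME, KEY_A)
    visited_addr = make_address(VISITED, KEY_A)
    # One address per node per prefix; the identifier survives the move.
    print(home_addr, visited_addr)
    print("same host id:", host_identifier(home_addr) == host_identifier(visited_addr))
    print("key A verifies:", key_matches_address(visited_addr, KEY_A))
    print("key B verifies:", key_matches_address(visited_addr, KEY_B))
```

With only 64 bits of hash, resistance to someone searching for a second key with the same identifier is bounded by that truncation, which is a property of any scheme that fits the identifier into the bottom half of the address.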



