> In the multi6 (multihoming in IPv6) working group, as one of many
> proposals, we've been looking at putting a 64-bit host identifier in
> the bottom 64 bits of an IPv6 address. If such a host identifier is
> crypto-based (i.e., a hash of a public key) then it is possible to
> authenticate a host at any time regardless of where the host connects
> to the network at that particular time and without the need for a PKI
> or prior communication.

There is a very advanced proposal to do just that in the SEND working
group. You should check the drafts, and in particular the definition of
"Cryptographically Generated Addresses (CGA)":

        http://www.ietf.org/internet-drafts/draft-ietf-send-cga-02.txt

The purpose of SEND is "secure neighbor discovery", i.e. preventing such
things as ARP spoofing. 

-- Christian Huitema
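
The binding described in this thread, as an added example that is not part of the original messages and does not follow the parameter format of the SEND CGA draft: the low 64 bits of the address are a hash of the host's public key, so a peer can recheck the binding from the address and the presented key alone. SHA-256, the cleared u/g bits, the function names and the key bytes are assumptions of this sketch; a complete check also needs the host to sign a challenge with the matching private key, which is left out here because it depends on the key type.

```python
import hashlib
import hmac
import ipaddress

def host_identifier(public_key: bytes) -> bytes:
    """64-bit identifier: leftmost 8 bytes of SHA-256 over the public key."""
    iid = bytearray(hashlib.sha256(public_key).digest()[:8])
    # Sketch choice: clear the "u" and "g" bits (two low bits of the first
    # octet) so the identifier does not claim to be a global EUI-64.
    iid[0] &= 0xFC
    return bytes(iid)

def make_address(prefix: str, public_key: bytes) -> ipaddress.IPv6Address:
    """Combine the /64 prefix of the current attachment point with the identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 subnet prefix")
    return ipaddress.IPv6Address(
        net.network_address.packed[:8] + host_identifier(public_key))

def binding_ok(address: str, public_key: bytes) -> bool:
    """True if the low 64 bits of the address match the presented public key."""
    low64 = ipaddress.IPv6Address(address).packed[8:]
    return hmac.compare_digest(low64, host_identifier(public_key))

# Constructed sample inputs: stand-ins for encoded public keys, not real keys.
HOST_KEY = b"constructed-public-key-bytes-host-A"
OTHER_KEY = b"constructed-public-key-bytes-host-B"

if __name__ == "__main__":
    # The same host attached to two different subnets (documentation prefixes).
    for prefix in ("2001:db8:0:1::/64", "2001:db8:0:2::/64"):
        addr = make_address(prefix, HOST_KEY)
        print(addr,
              "own key:", binding_ok(str(addr), HOST_KEY),
              "other key:", binding_ok(str(addr), OTHER_KEY))
```

The identifier stays the same under both prefixes, which is what lets a peer recognise the host wherever it connects, and a key that does not hash to the low 64 bits is rejected without any PKI lookup.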
