> In the multi6 (multihoming in IPv6) working group, as one of many
> proposals, we've been looking at putting a 64 bit host identifier in
> the bottom 64 bits of an IPv6 address. If such a host identifier is
> crypto-based (ie, a hash of a public key) then it is possible to
> authenticate a host at any time regardless of where the host connects
> to the network at that particular time and without the need for a PKI
> or prior communication.

There is a very advanced proposal to do just that in the SEND working group. You should check the drafts, and in particular the definition of "Cryptographically Generated Addresses (CGA)":

http://www.ietf.org/internet-drafts/draft-ietf-send-cga-02.txt

The purpose of SEND is "secure neighbor discovery", i.e. preventing such things as ARP spoofing.

-- Christian Huitema
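The idea discussed in this message, a host identifier that is a hash of a public key placed in the bottom 64 bits of an IPv6 address, is sketched below as an added example; it is not code from the message and does not follow the parameter layout of the SEND CGA draft. SHA-256 truncated to 64 bits, the function names, the key bytes and the documentation prefixes are all assumptions made for the illustration. It covers only the address-to-key binding check; a verifier would also need the host to prove possession of the matching private key, for example by signing a message.

```python
import hashlib
import hmac
import ipaddress

LOW64_MASK = (1 << 64) - 1

def host_identifier(public_key: bytes) -> bytes:
    """64-bit identifier: leftmost 8 bytes of SHA-256 over the key (assumed hash)."""
    return hashlib.sha256(public_key).digest()[:8]

def make_address(prefix: str, public_key: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 routing prefix with the key-derived identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    iid = int.from_bytes(host_identifier(public_key), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def binding_ok(address: str, public_key: bytes) -> bool:
    """True if the bottom 64 bits of the address match the presented key.

    No PKI lookup and no prior contact are needed: the verifier recomputes
    the hash from the key the peer presents and compares it to the address.
    """
    low64 = int(ipaddress.IPv6Address(address)) & LOW64_MASK
    return hmac.compare_digest(low64.to_bytes(8, "big"),
                               host_identifier(public_key))

# Constructed sample data: placeholder key bytes and documentation prefixes
# standing in for two upstream providers of a multihomed site.
HOST_KEY = b"constructed-public-key-of-host-A"
OTHER_KEY = b"constructed-public-key-of-host-B"
PREFIX_ISP1 = "2001:db8:1:1::/64"
PREFIX_ISP2 = "2001:db8:2:2::/64"

if __name__ == "__main__":
    for prefix in (PREFIX_ISP1, PREFIX_ISP2):
        addr = make_address(prefix, HOST_KEY)
        # Same identifier under either prefix; only the top 64 bits change.
        print(addr, "own key:", binding_ok(str(addr), HOST_KEY),
              "other key:", binding_ok(str(addr), OTHER_KEY))
```
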