> RFC 3513 mandates that all unicast IPv6 addresses except the ones
> starting with the bits 000 must have a 64-bit interface identifier in
> the lower 64 bits.

This was shortsighted, just like having the notion of "class" built into IPv4 addresses was shortsighted. People are going to need to subnet past /64 sooner rather than later, and subnetting past /64 is a LOT better than NAT. Fortunately the mistake is easily rectified, so long as software doesn't get into the habit of expecting the lower 64 bits of an address to be a unique interface identifier.

> This has some important advantages, most notably it
> allows stateless autoconfiguration.

Providing an alternative to stateless autoconfiguration for subnets past /64 might be an acceptable compromise.

> Putting a 64-bit crypto-based host identifier in the bottom 64 bits of
> IPv6 addresses shouldn't get in the way of regular IPv6 addressing
> mechanisms and/or operation.

Putting a crypto-based host identifier in the address is unnecessary, since there's really no need to include a strong host identifier in every packet sent to a host. The locator alone is usually sufficient, and if that's not sufficient, the sender can generally encrypt the traffic with a secret known only to the intended destination.

Keith