Anthony,
In the multi6 (multihoming in IPv6) working group, as one of many
proposals, we've been looking at putting a 64-bit host identifier in
the bottom 64 bits of an IPv6 address. If such a host identifier is
crypto-based (i.e., a hash of a public key) then it is possible to
authenticate a host at any time regardless of where the host connects
to the network at that particular time and without the need for a PKI
or prior communication.
This is precisely the kind of mistake that will exhaust the entire IPv6
address space just as quickly as the IPv4 address space. Don't
engineers ever learn from the past?
I can't claim to know too much about the specific details in the
multi6 proposal, but there have been other efforts that use cryptographic
identifiers as parts of addresses. However, I do not believe these
proposals consume any more address space than, say, manual or EUI-64
based address assignment. There's still just one address consumed per
node. Perhaps you were thinking that the address contains a MAC field?
This isn't strictly speaking the case, at least not in the way that
the MAC value would change from one packet to another.
Anyway, back to the subject of "national security"... I have a
question. The main goal appears to be the reduction of dependencies
between network parts, in order to prepare for catastrophic situations.
This is a useful goal, though I'm not sure I agree with all the listed
specific items. Are any of the issues that have been talked about being
addressed in the IEPREP WG, or is that group mainly focused on the SIP/
telecom type of issues only?
--Jari
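
Added example, not part of the original thread and not the multi6 proposal's actual algorithm: a sketch of a hash-of-public-key identifier in the bottom 64 bits of an IPv6 address, showing that the identifier stays the same under any /64 prefix and that a peer can check a presented key against the address. SHA-256, clearing the u/g bits (as RFC 3972 CGA does), the function names and the key bytes are all assumptions; proving possession of the private key would additionally need a signature check, which is omitted here.

```python
import hashlib
import ipaddress

IID_MASK = (1 << 64) - 1                 # bottom 64 bits: interface identifier
# Clear the "u" and "g" bits of the first identifier octet.
# Assumption borrowed from RFC 3972 (CGA), not taken from the thread.
UG_CLEAR = IID_MASK & ~(0x03 << 56)

# Constructed placeholder byte strings standing in for encoded public keys.
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"


def host_identifier(public_key: bytes) -> int:
    """64-bit identifier derived from a hash of the public key."""
    digest = hashlib.sha256(public_key).digest()
    return int.from_bytes(digest[:8], "big") & UG_CLEAR


def make_address(prefix: str, public_key: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 routing prefix with the key-derived identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(
        int(net.network_address) | host_identifier(public_key)
    )


def key_matches_address(address, public_key: bytes) -> bool:
    """Peer-side check: does the presented key hash to this address's identifier?

    This only shows the key/address binding. The peer must still verify a
    signature made with the matching private key before trusting the host.
    """
    iid = int(ipaddress.IPv6Address(address)) & IID_MASK
    return iid == host_identifier(public_key)


if __name__ == "__main__":
    # Same host attached at two different points (documentation prefixes).
    for prefix in ("2001:db8:1::/64", "2001:db8:2::/64"):
        addr = make_address(prefix, KEY_A)
        print(prefix, "->", addr,
              "A:", key_matches_address(addr, KEY_A),
              "B:", key_matches_address(addr, KEY_B))
```

Each attachment point yields exactly one address per node, and the identifier half is identical across prefixes, so no extra address space is consumed compared with an EUI-64 identifier.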