In the multi6 (multihoming in IPv6) working group, as one of many
proposals, we've been looking at putting a 64 bit host identifier in
the bottom 64 bits of an IPv6 address. If such a host identifier is
crypto-based (ie, a hash of a public key) then it is possible to
authenticate a host at any time regardless of where the host connects
to the network at that particular time and without the need for a PKI
or prior communication.
There is a very advanced proposal to do just that in the SEND working
group. You should check the drafts, and in particular the definition of
"Cryptographically Generated Addresses (CGA)":
http://www.ietf.org/internet-drafts/draft-ietf-send-cga-02.txt
The purpose of SEND is "secure neighbor discovery", i.e. preventing such
things as ARP spoofing.
-- Christian Huitema