RFC 3513 mandates that all unicast IPv6 addresses except the ones
starting with the bits 000 must have a 64-bit interface identifier in
the lower 64 bits.
This was shortsighted, just like having the notion of "class" built into
IPv4 addresses was shortsighted. People are going to need to subnet
past /64 sooner rather than later, and subnetting past /64 is a LOT
better than NAT. Fortunately the mistake is easily rectified, so long
as software doesn't get into the habit of expecting the lower 64 bits
of an address to be a unique interface identifier.
This has some important advantages, most notably it
allows stateless autoconfiguration.
Providing an alternative to stateless autoconfiguration for subnets
past /64 might be a acceptable compromise.
Putting a 64-bit crypto-based host identifier in the bottom 64 bits of
IPv6 addresses shouldn't get in the way of regular IPv6 addressing
mechanisms and/or operation.
Putting a crypto-based host identifier in the address is unnecessary,
since there's really no need to include a strong host identifier in
every packet sent to a host. The locator alone is usually sufficient,
and if that's not sufficient, the sender can generally encrypt the
traffic with a secret known only to the intended destination.
Keith