It is a known deficiency in the current HIP spec that it does not
directly support non-protected traffic. However, if unencrypted,
non-integrity protected ESP was allowed, one could use the SPI
in the ESP header as a kind of condensed identifier, without
any cryptographic protection.
I am not so sure.
I would say that including unprotected identifiers instead of unprotected
locators is weaker, since locators are somehow verified by the routing
system and ingress filtering and identifiers (as currently proposed) are not
verified. I mean, it would be trivial to impersonate an identifier, since
the packet would be routed using the locator (this is not the case if
locator and identifier are the same). Am I missing something?