Several updates could be done to make a more robust solution. One could, for example, consider implementing the proxy solution. Smaller updates like extending the ID field in PAA control traffic to contain the entire MAC + some random value would also increase robustness.
PAA is not in any way responsible for authentication of nodes. To have some sort of access control, one must apply an outer layer of security mechanisms. PAA could be used with a scheme like the signature solution proposed in chapter 11 combined with an authentication solution. Some distributed authentication system can be imagined, but physical distribution of keys using e.g. smartcards can be sufficient in many scenarios.
In a series of events as depicted in figure 12.12, two MANETs split and later merge. The MANETs have both configured new nodes while existing apart. When the networks merge again, an address conflict arises between already configured nodes. These conflicts should be detected by weak DAD. PAA does not perform weak DAD, and keeping a modular design in mind, this is not the responsibility of the IP configuration functionality. A scenario where PAA is used should also have mechanisms to detect address conflicts among already configured nodes.