The Internet Engineering Task Force (IETF) Request for Comments (RFC) 3971 describes a Secure Neighbor Discovery (SEND) protocol that specifies secure mechanisms to enable IPv6 nodes using Neighbor Discovery Protocol (NDP) according to RFC 2461 to counter malicious threats, without the necessity of IPSec protocols. NDP allows IPv6 nodes to determine each other's presence, to determine each other's link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors. The SEND protocol specifies two relatively independent mechanisms to secure the IPv6 nodes, namely use of cryptographically-generated addresses (CGA) to ensure the sender of a neighbor discovery message is the owner of the claimed address, and Authorization Delegation Discovery. Authorization Delegation Discovery is used to certify the authority of routers via a trust anchor. A “trust anchor” is an authoritative source that can be trusted by host nodes, and which is used to certify the authority of routers: “certification paths” can be established from the trust anchors to enable a certified router to perform certification of another router; before any host can adopt a router as its default router, the host must be configured with a trust anchor that can certify the router via a certification path. Hence, the certificate format mandated by the SEND protocol enables the host node to learn a certification path of a router, and to validate the authenticity of a router.