(1) convert DHCP to canonical XML format, using some of the on-going  
GEOPRIV efforts and the XML DSIG canonicalization

(2) compute hash

(3) include the CMS (RFC 3852) Signed-data Content Type in DHCP

(4) include signature in XML DSIG

In addition, we need to define a timestamp element in DHCP that would  
be converted to the corresponding PIDF timestamp. This would limit  
replay to a few hours unless you force the client to retrieve a  
current location via DHCP if the location is considered fishy. (You'd  
do that post-routing.)

I don't think replay by third parties is a particularly serious  
problem since almost all access networks of interest have layer-2  
encryption. Replay by a legitimate recipient of location information  
is harder to prevent, i.e., where I present location information from  
my location a few hours ago. I don't know if that is a major concern.  
I also think that any location-by-reference mechanism has the same  
problem.

To prevent replay in some scenarios, we could include the IP address  
in the data element. This would provide the first-hop proxy (and  
probably later proxies, via Contact and Via information) with some  
assurance, assuming that the first-hop proxy is trustworthy and  
assuming the user gets a public IP address.