Well -- it shouldn't be authenticated, then!

Which public key you want to route to is above the network layer.