Diff: rfc9872.original.xml

	rfc9872.original.xml	rfc9872.xml

	<?xml version='1.0' encoding='utf-8'?>	<?xml version='1.0' encoding='UTF-8'?>

	<!DOCTYPE rfc [	<!DOCTYPE rfc [
	<!ENTITY nbsp " ">	<!ENTITY nbsp " ">
	<!ENTITY zwsp "">	<!ENTITY zwsp "">
	<!ENTITY nbhy "‑">	<!ENTITY nbhy "‑">
	<!ENTITY wj "⁠">	<!ENTITY wj "⁠">
	]>	]>

	<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
	<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.29 (Ruby 3.4.	<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft
	4) -->	-ietf-v6ops-prefer8781-07" number="9872" category="info" consensus="true" submis
	<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft	sionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3" upd
	-ietf-v6ops-prefer8781-07" category="info" consensus="true" submissionType="IETF	ates="" obsoletes="" xml:lang="en">
	" tocInclude="true" sortRefs="true" symRefs="true" version="3">
	<!-- xml2rfc v2v3 conversion 3.30.0 -->
	<front>	<front>

	<title abbrev="Prefer RFC8781">Recommendations for Discovering IPv6 Prefix U
	sed for IPv6 Address Synthesis</title>	<!--[rfced] FYI - To closer reflect the full title of the document, we
	<seriesInfo name="Internet-Draft" value="draft-ietf-v6ops-prefer8781-07"/>	have updated the short title as follows. Note that this appears in the
		running header of the PDF output.

		Original:
		Prefer RFC8781

		Current:
		IPv6 Prefix Discovery
		-->

		<title abbrev="IPv6 Prefix Discovery">Recommendations for Discovering IPv6 P
		refix Used for IPv6 Address Synthesis</title>
		<seriesInfo name="RFC" value="9872"/>
	<author fullname="Nick Buraglio">	<author fullname="Nick Buraglio">
	<organization>Energy Sciences Network</organization>	<organization>Energy Sciences Network</organization>
	<address>	<address>
	<email>buraglio@forwardingplane.net</email>	<email>buraglio@forwardingplane.net</email>
	</address>	</address>
	</author>	</author>
	<author fullname="Tommy Jensen">	<author fullname="Tommy Jensen">
	<organization/>	<organization/>
	<address>	<address>
	<email>tojens.ietf@gmail.com</email>	<email>tojens.ietf@gmail.com</email>
	</address>	</address>
	</author>	</author>
	<author fullname="Jen Linkova">	<author fullname="Jen Linkova">
	<organization>Google</organization>	<organization>Google</organization>
	<address>	<address>
	<email>furry13@gmail.com</email>	<email>furry13@gmail.com</email>
	</address>	</address>
	</author>	</author>

	<date year="2025" month="August" day="07"/>	<date year="2025" month="September"/>
	<area>ops</area>	<area>OPS</area>
	<workgroup>v6ops</workgroup>	<workgroup>v6ops</workgroup>


	<keyword>IPv6</keyword>	<keyword>IPv6</keyword>
	<keyword>DNS64</keyword>	<keyword>DNS64</keyword>
	<keyword>PREF64</keyword>	<keyword>PREF64</keyword>
	<keyword>NAT64</keyword>	<keyword>NAT64</keyword>
	<keyword>CLAT</keyword>	<keyword>CLAT</keyword>

	<abstract>
	<?line 62?>


	<t>On networks providing IPv4-IPv6 translation (RFC7915), hosts and other endpoi	<abstract>
	nts need to know the IPv6 prefix(es) used for translation (the NAT64 prefix, RFC	<t>On networks providing IPv4-IPv6 translation (RFC 7915), hosts and other endpo
	6052). This document provides guidelines for NAT64 prefix discovery, specificall	ints need to know the IPv6 prefix(es) used for translation (the NAT64 prefix (RF
	y recommending obtaining the NAT64 prefix from Router Advertisement option (RFC8	C 6052)). This document provides guidelines for NAT64 prefix discovery, specific
	781) when available.</t>	ally recommending obtaining the NAT64 prefix from the Router Advertisement optio
		n (RFC 8781) when available.</t>
	</abstract>	</abstract>

	<note removeInRFC="true">
	<name>About This Document</name>
	<t>
	The latest revision of this draft can be found at <eref target="https://
	github.com/buraglio/draft-nbtjjl-v6ops-prefer8781"/>.
	Status information for this document may be found at <eref target="https
	://datatracker.ietf.org/doc/draft-ietf-v6ops-prefer8781/"/>.
	</t>
	<t>
	Discussion of this document takes place on the
	v6ops Working Group mailing list (<eref target="mailto:v6ops@ietf.org"/>
	),
	which is archived at <eref target="https://datatracker.ietf.org/wg/v6ops
	/about/"/>.
	Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/v6ops/"
	/>.
	</t>
	<t>Source for this draft and an issue tracker can be found at
	<eref target="https://github.com/buraglio/draft-nbtjjl-v6ops-prefer8781"
	/>.</t>
	</note>
	</front>	</front>
	<middle>	<middle>

	<?line 66?>

	<section anchor="introduction">	<section anchor="introduction">
	<name>Introduction</name>	<name>Introduction</name>
	<t>Devices translating between IPv4 and IPv6 packet headers <xref target=" RFC7915"/> use a NAT64 prefix to map IPv4 addresses into the IPv6 address space, and vice versa.	<t>Devices translating between IPv4 and IPv6 packet headers <xref target=" RFC7915"/> use a NAT64 prefix to map IPv4 addresses into the IPv6 address space, and vice versa.
	When a network provides NAT64, it is advantageous for endpoints to acquire the n etwork's NAT64 prefixes (PREF64).	When a network provides NAT64, it is advantageous for endpoints to acquire the n etwork's NAT64 prefixes (PREF64).
	Discovering the PREF64 enables endpoints to:</t>	Discovering the PREF64 enables endpoints to:</t>
	<ul spacing="normal">	<ul spacing="normal">
	<li>	<li>
	<t>Implement the customer-side translator (CLAT) function of the 464XL AT architecture <xref target="RFC6877"/>.</t>	<t>Implement the customer-side translator (CLAT) function of the 464XL AT architecture <xref target="RFC6877"/>.</t>
	</li>	</li>
	<li>	<li>

	<t>Translate IPv4 literals to IPv6 literals (Section 7.1 of <xref targ et="RFC8305"/>).</t>	<t>Translate IPv4 literals to IPv6 literals (<xref target="RFC8305" se ction="7.1"/>).</t>
	</li>	</li>
	<li>	<li>
	<t>Perform local DNS64 <xref target="RFC6147"/> functions.</t>	<t>Perform local DNS64 <xref target="RFC6147"/> functions.</t>
	</li>	</li>
	<li>	<li>

	<t>Support applications relying on IPv4 address referral (Section 3.2. 2 of <xref target="RFC7225"/>).</t>	<t>Support applications relying on IPv4 address referral (<xref target ="RFC7225" section="3.2.2"/>).</t>
	</li>	</li>
	</ul>	</ul>

	<t>Dynamic PREF64 discovery is useful to keep the NAT64 prefix configurati
	on up-to-date, particularly for unmanaged endpoints or endpoints which move betw	<!--[rfced] To avoid the repetition of "based" twice in the same sentence and
	een networks.	to clarify "[RFC7051] analysis", may we update this sentence as follows?

		Original:
		[RFC7050] introduces the
		first DNS64-based mechanism for PREF64 discovery based on [RFC7051]
		analysis.

		Perhaps:
		[RFC7050] introduces the
		first DNS64-based mechanism for PREF64 discovery per the analysis described
		in [RFC7051].
		-->

		<t>Dynamic PREF64 discovery is useful to keep the NAT64 prefix configurati
		on up-to-date, particularly for unmanaged endpoints or endpoints that move betwe
		en networks.
	<xref target="RFC7050"/> introduces the first DNS64-based mechanism for PREF64 d iscovery based on <xref target="RFC7051"/> analysis.	<xref target="RFC7050"/> introduces the first DNS64-based mechanism for PREF64 d iscovery based on <xref target="RFC7051"/> analysis.

	However, subsequent methods have been developed to address <xref target="RFC7050 "/> limitations.</t>	However, subsequent methods have been developed to address the <xref target="RF C7050"/> limitations.</t>
	<t>For instance, <xref target="RFC8781"/> defines a Neighbor Discovery <xr ef target="RFC4861"/> option for Router Advertisements (RAs) to convey PREF64 in formation to hosts.	<t>For instance, <xref target="RFC8781"/> defines a Neighbor Discovery <xr ef target="RFC4861"/> option for Router Advertisements (RAs) to convey PREF64 in formation to hosts.

	This approach offers several advantages (Section 3 of <xref target="RFC8781"/>),	This approach offers several advantages (<xref target="RFC8781" section="3
	including fate sharing with other host network configuration parameters.</t>	"/>), including fate sharing with other host network configuration parameters.</
		t>

		<!--[rfced] May we clarify the citations in the text below as follows?

		Original:
		Due to fundamental shortcomings of the [RFC7050] mechanism
		(Section 4), [RFC8781] is the preferred solution for new deployments.

		Perhaps:
		Due to fundamental shortcomings of the mechanism defined in [RFC7050]
		(see Section 4 for more details), [RFC8781] describes the preferred
		solution for new deployments.
		-->

	<t>Due to fundamental shortcomings of the <xref target="RFC7050"/> mechani sm (<xref target="issues"/>), <xref target="RFC8781"/> is the preferred solution for new deployments.	<t>Due to fundamental shortcomings of the <xref target="RFC7050"/> mechani sm (<xref target="issues"/>), <xref target="RFC8781"/> is the preferred solution for new deployments.
	Implementations should strive for consistent PREF64 acquisition methods.	Implementations should strive for consistent PREF64 acquisition methods.

	The DNS64-based mechanism of <xref target="RFC7050"/> should be employed only wh en RA-based PREF64 delivery is unavailable, or as a fallback for legacy systems incapable of processing the PREF64 RA Option.</t>	The DNS64-based mechanism of <xref target="RFC7050"/> should be employed only wh en RA-based PREF64 delivery is unavailable or as a fallback for legacy systems i ncapable of processing the PREF64 RA Option.</t>
	</section>	</section>
	<section anchor="terminology">	<section anchor="terminology">
	<name>Terminology</name>	<name>Terminology</name>

	<t>DNS64: a mechanism for synthesizing AAAA records from A records, define
	d in <xref target="RFC6147"/>.</t>
	<t>NAT64: a mechanism for translating IPv6 packets to IPv4 packets and vic
	e versa. The translation is done by translating the packet headers according to
	the IP/ICMP Translation Algorithm defined in <xref target="RFC7915"/>. NAT64 tr
	anslators can operate in stateful (<xref target="RFC6144"/>) or stateless mode (
	e.g. customer-side translator, CLAT, <xref target="RFC6877"/>).
	This document uses "NAT64" as a generalized term for a translator which uses the
	stateless IP/ICMP translation algorithm defined in <xref target="RFC7915"/> and
	operates within a framework for IPv4/IPv6 translation described in <xref target
	="RFC6144"/>.</t>
	<t>PREF64 (or Pref64::/n, or NAT64 prefix): An IPv6 prefix used for IPv6 a
	ddress synthesis and for network addresses and protocols translation from IPv6 c
	lients to IPv4 servers using the algorithm defined in <xref target="RFC6052"/>.<
	/t>
	<t>Router Advertisement (RA): A packet used by Neighbor Discovery <xref ta
	rget="RFC4861"/> and SLAAC to advertise the presence of the routers, together wi
	th other IPv6 configuration information.</t>
	<t>SLAAC: StateLess Address AutoConfiguration, <xref target="RFC4862"/></
	t>
	<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14
	>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
	NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECO
	MMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
	"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be i
	nterpreted as
	described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and
	only when, they
	appear in all capitals, as shown here.</t>
	<?line -18?>


	</section>	<dl spacing="normal" newline="false">
		<dt>DNS64:</dt><dd>A mechanism for synthesizing AAAA records from A records,
		defined in <xref target="RFC6147"/>.</dd>
		<dt>NAT64:</dt><dd>A mechanism for translating IPv6 packets to IPv4 packets,
		and vice versa. The translation is done by translating the packet headers
		according to the IP/ICMP Translation Algorithm defined in <xref
		target="RFC7915"/>. NAT64 translators can operate in stateful mode <xref
		target="RFC6144"/> or stateless mode <xref target="RFC6877"/> (e.g., customer-
		side translator (CLAT)).
		This document uses "NAT64" as a generalized term
		for a translator, which uses the stateless IP/ICMP Translation Algorithm
		defined in <xref target="RFC7915"/> and operates within a framework for
		IPv4/IPv6 translation described in <xref target="RFC6144"/>.</dd>
		<dt>PREF64 (Pref64::/n or NAT64 prefix):</dt><dd>An IPv6 prefix used for
		IPv6 address synthesis and for translating network addresses and protocols
		from IPv6 clients to IPv4 servers using the algorithm defined in <xref
		target="RFC6052"/>.</dd>
		<dt>Router Advertisement (RA):</dt><dd>A packet used by Neighbor Discovery
		<xref target="RFC4861"/> and SLAAC to advertise the presence of the routers,
		together with other IPv6 configuration information.</dd>

		<!--[rfced] We note that some of the acronyms listed in the Terminology
		section are formatted in different ways (e.g., expanded form in parentheses,
		acronym in parentheses, and expanded form in description). To make these
		consistent, may we update to have the expanded form appear in the
		description of the acronyms listed?

		Original:
		PREF64 (or Pref64::/n, or NAT64 prefix): An IPv6 prefix used for IPv6
		address synthesis and for network addresses and protocols translation
		from IPv6 clients to IPv4 servers using the algorithm defined in
		[RFC6052].

		Router Advertisement (RA): A packet used by Neighbor Discovery
		[RFC4861] and SLAAC to advertise the presence of the routers,
		together with other IPv6 configuration information.

		SLAAC: StateLess Address AutoConfiguration, [RFC4862]

		Perhaps:
		PREF64: Pref64::/n or NAT64 prefix. An IPv6 prefix used for IPv6
		address synthesis and for network addresses and protocols translation
		from IPv6 clients to IPv4 servers using the algorithm defined in
		[RFC6052].

		RA: Router Advertisement. A packet used by Neighbor Discovery
		[RFC4861] and SLAAC to advertise the presence of the routers,
		together with other IPv6 configuration information.

		SLAAC: Stateless Address Autoconfiguration [RFC4862].
		-->

		<dt>SLAAC:</dt><dd>Stateless Address Autoconfiguration <xref target="RFC4862"/
		>.</dd>
		</dl>
		<t>
		The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
		"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
		NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
		"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
		"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are
		to be interpreted as described in BCP 14 <xref target="RFC2119"/>
		<xref target="RFC8174"/> when, and only when, they appear in all capitals,
		as shown here.
		</t>
		</section>
	<section anchor="recommendations-for-pref64-discovery">	<section anchor="recommendations-for-pref64-discovery">
	<name>Recommendations for PREF64 Discovery</name>	<name>Recommendations for PREF64 Discovery</name>
	<section anchor="deployment-recommendations-for-endpoints">	<section anchor="deployment-recommendations-for-endpoints">
	<name>Deployment Recommendations for Endpoints</name>	<name>Deployment Recommendations for Endpoints</name>

	<t>Endpoints <bcp14>SHOULD</bcp14> attempt to obtain PREF64 information	<t>Endpoints <bcp14>SHOULD</bcp14> attempt to obtain PREF64 information
	from RAs per <xref target="RFC8781"/> instead of using <xref target="RFC7050"/>	from RAs per <xref target="RFC8781"/>, instead of using the <xref target="RFC705
	method.	0"/> method.
	In the absence of the PREF64 information in RAs, an endpoint <bcp14>MAY</bcp14>	In the absence of the PREF64 information in RAs, an endpoint <bcp14>MAY</bcp14>
	choose to fall back to the mechanism defined in RFC7050.	choose to fall back to the mechanism defined in <xref target="RFC7050"/>.
	This recommendation to prefer the <xref target="RFC8781"/> mechanism over one de	This recommendation to prefer the <xref target="RFC8781"/> mechanism over the on
	fined in <xref target="RFC7050"/> is consistent with Section 5.1 of <xref target	e defined in <xref target="RFC7050"/> is consistent with <xref target="RFC8781"
	="RFC8781"/>.</t>	section="5.1"/>.</t>
	</section>	</section>
	<section anchor="deployment-recommendations-for-operators">	<section anchor="deployment-recommendations-for-operators">
	<name>Deployment Recommendations for Operators</name>	<name>Deployment Recommendations for Operators</name>
	<t>Network operators deploying NAT64 <bcp14>SHOULD</bcp14> provide PREF6 4 information in Router Advertisements per <xref target="RFC8781"/>.</t>	<t>Network operators deploying NAT64 <bcp14>SHOULD</bcp14> provide PREF6 4 information in Router Advertisements per <xref target="RFC8781"/>.</t>
	<section anchor="mobile-network-considerations">	<section anchor="mobile-network-considerations">
	<name>Mobile Network Considerations</name>	<name>Mobile Network Considerations</name>
	<t>While <xref target="RFC8781"/> support is widely integrated into mo dern operating systems on mobile endpoints, equipment deployed in mobile network environments often lacks abilities to include the PREF64 Option into RAs.	<t>While <xref target="RFC8781"/> support is widely integrated into mo dern operating systems on mobile endpoints, equipment deployed in mobile network environments often lacks abilities to include the PREF64 Option into RAs.
	Therefore, the immediate deployment and enablement of PREF64 by mobile operators may not currently be feasible and the recommendations outlined in this document are not presently applicable to mobile network operators.	Therefore, the immediate deployment and enablement of PREF64 by mobile operators may not currently be feasible and the recommendations outlined in this document are not presently applicable to mobile network operators.
	These environments are encouraged to incorporate <xref target="RFC8781"/> when m ade practical by infrastructure upgrades or software stack feature additions.</t >	These environments are encouraged to incorporate <xref target="RFC8781"/> when m ade practical by infrastructure upgrades or software stack feature additions.</t >
	</section>	</section>
	<section anchor="migration-considerations">	<section anchor="migration-considerations">
	<name>Migration Considerations</name>	<name>Migration Considerations</name>
	<t>Transitioning from the <xref target="RFC7050"/> heuristic to using the <xref target="RFC8781"/> approach might require a period of time where both mechanisms coexist.	<t>Transitioning from the <xref target="RFC7050"/> heuristic to using the <xref target="RFC8781"/> approach might require a period of time where both mechanisms coexist.

	How long this may take depends on the endpoint footprint, particularly the prese nce and number of endpoints running outdated operating systems, which do not sup port <xref target="RFC8781"/>.	How long this may take depends on the endpoint footprint, particularly the prese nce and number of endpoints running outdated operating systems that do not suppo rt <xref target="RFC8781"/>.
	Operators are advised to take those factors into account prior to removing suppo rt for the <xref target="RFC7050"/> heuristic, noting that it is still safe to a dd support for the <xref target="RFC8781"/> approach since endpoints that suppor t it will always prefer it over <xref target="RFC7050"/> if they follow RFC requ irements.</t>	Operators are advised to take those factors into account prior to removing suppo rt for the <xref target="RFC7050"/> heuristic, noting that it is still safe to a dd support for the <xref target="RFC8781"/> approach since endpoints that suppor t it will always prefer it over <xref target="RFC7050"/> if they follow RFC requ irements.</t>

	<t>Migrating away from DNS64-based discovery also reduces dependency o n DNS64 in general, thereby eliminating DNSSEC and DNS64 incompatibility concern s (Section 6.2 of <xref target="RFC6147"/>).</t>	<t>Migrating away from DNS64-based discovery also reduces dependency o n DNS64 in general, thereby eliminating DNSSEC and DNS64 incompatibility concern s (<xref target="RFC6147" section="6.2"/>).</t>
	</section>	</section>
	</section>	</section>
	</section>	</section>
	<section anchor="issues">	<section anchor="issues">

	<name>Existing Issues with RFC7050</name>	<name>Existing Issues with RFC 7050</name>
	<t>DNS-based discovery the NAT64 prefix introduces some challenges, which	<t>DNS-based discovery of the NAT64 prefix introduces some challenges, whi
	make this approach less preferable than latest developed alternatives (such as P	ch make this approach less preferable than the latest developed alternatives (su
	REF64 RA Option, <xref target="RFC8781"/>).	ch as the PREF64 RA Option <xref target="RFC8781"/>).
	This section outlines the key issues, associated with <xref target="RFC7050"/>,	This section outlines the key issues associated with <xref target="RFC7050"/> wi
	with a focus on those not discussed in <xref target="RFC7050"/> or in the analys	th a focus on those not discussed in <xref target="RFC7050"/> or in the analysis
	is of solutions for hosts to discover NAT64 prefix (<xref target="RFC7051"/>).</	of solutions for hosts to discover the NAT64 prefix <xref target="RFC7051"/>.</
	t>	t>
	<t>Signalling PREF64 in RA option addresses all issues outlined in this se	<t>Signalling PREF64 in the RA option addresses all issues outlined in thi
	ction (see Section 3 of <xref target="RFC8781"/> for details).</t>	s section (see <xref target="RFC8781" section="3"/> for details).</t>
	<section anchor="dependency-on-network-provided-recursive-resolvers">	<section anchor="dependency-on-network-provided-recursive-resolvers">
	<name>Dependency on Network-Provided Recursive Resolvers</name>	<name>Dependency on Network-Provided Recursive Resolvers</name>


		<!--[rfced] As "are network-specific attributes" seems to directly describe
		"NAT64 and the exact values" rather than their presence, may we remove "the
		presence of" from this sentence?

		Original:
		Fundamentally, the presence of the NAT64 and the exact value of the
		prefix used for the translation are network-specific attributes.

		Perhaps:
		Fundamentally, the NAT64 and the exact value of the
		prefix used for the translation are network-specific attributes.
		-->

	<t>Fundamentally, the presence of the NAT64 and the exact value of the p refix used for the translation are network-specific attributes.	<t>Fundamentally, the presence of the NAT64 and the exact value of the p refix used for the translation are network-specific attributes.
	Therefore, <xref target="RFC7050"/> requires the endpoint discovering the prefix to use the DNS64 resolvers provided by the network.	Therefore, <xref target="RFC7050"/> requires the endpoint discovering the prefix to use the DNS64 resolvers provided by the network.
	If the device or an application is configured to use other recursive resolvers o r runs a local recursive resolver, the corresponding name resolution APIs and li braries are required to recognize 'ipv4only.arpa.' as a special name and give it special treatment.	If the device or an application is configured to use other recursive resolvers o r runs a local recursive resolver, the corresponding name resolution APIs and li braries are required to recognize 'ipv4only.arpa.' as a special name and give it special treatment.
	This issue and remediation approach are discussed in <xref target="RFC8880"/>.	This issue and remediation approach are discussed in <xref target="RFC8880"/>.

	However, it has been observed that very few <xref target="RFC7050"/> implementat	However, it has been observed that very few <xref target="RFC7050"/> implementat
	ions support <xref target="RFC8880"/> requirements for special treatment of 'ipv	ions support the <xref target="RFC8880"/> requirements for special treatment of
	4only.arpa.'.	'ipv4only.arpa.'.
	As a result, configuring such systems and applications to use resolvers other th	As a result, configuring such systems and applications to use resolvers o
	an the one provided by the network breaks the PREF64 discovery, leading to degra	ther than the one provided by the network breaks the PREF64 discovery, leading t
	ded user experience.</t>	o degraded user experience.</t>
	<t>VPN applications may override the endpoint's DNS configuration, for e xample, by configuring enterprise DNS servers as the node's recursive resolvers and forcing all name resolution through the VPN.	<t>VPN applications may override the endpoint's DNS configuration, for e xample, by configuring enterprise DNS servers as the node's recursive resolvers and forcing all name resolution through the VPN.
	These enterprise DNS servers typically lack DNS64 functionality and therefore ca nnot provide information about the PREF64 used within the local network.	These enterprise DNS servers typically lack DNS64 functionality and therefore ca nnot provide information about the PREF64 used within the local network.

	If the VPN is configured in so-called "split tunneling" mode (when only a subset	If the VPN is configured in so-called "split tunneling" mode (when only a
	of network traffic is routed into the VPN tunnel), endpoints may not discover t	subset of network traffic is routed into the VPN tunnel), endpoints may not dis
	he necessary PREF64, which negatively impacts their connectivity on IPv6-only ne	cover the necessary PREF64, which negatively impacts their connectivity on IPv6-
	tworks.</t>	only networks.</t>
	<t>If both the network-provided DNS64 and the endpoint's resolver happen	<t>If both the network-provided DNS64 and the endpoint's resolver happen
	to utilize the Well-Known Prefix (64:ff9b::/96, <xref target="RFC6052"/>), the	to utilize the Well-Known Prefix (64:ff9b::/96) <xref target="RFC6052"/>, the e
	endpoint would end up using a PREF64 that's valid for the current network.	ndpoint would end up using a PREF64 that's valid for the current network.
	However, if the endpoint changes its network attachment, it can't detect if the	However, if the endpoint changes its network attachment, it can't detect if the
	new network lacks NAT64 entirely or uses a network-specific NAT64 prefix (NSP, <	new network lacks NAT64 entirely or uses a network-specific prefix (NSP) <xref t
	xref target="RFC6144"/>).</t>	arget="RFC6144"/> for NAT64.</t>
	<t>Signalling PREF64 in RA option decouples the PREF64 discovery from th	<t>Signalling PREF64 in an RA option decouples the PREF64 discovery from
	e host's DNS resolvers configuration.</t>	the host's DNS resolver configuration.</t>
	</section>	</section>
	<section anchor="network-stack-initialization-delay">	<section anchor="network-stack-initialization-delay">
	<name>Network Stack Initialization Delay</name>	<name>Network Stack Initialization Delay</name>
	<t>When using SLAAC, an IPv6 host typically requires a single RA to acqu ire its network configuration.	<t>When using SLAAC, an IPv6 host typically requires a single RA to acqu ire its network configuration.

	For IPv6-only endpoints, timely PREF64 discovery is critical, particularly for t hose performing local DNS64 or NAT64 functions, such as CLAT (<xref target="RFC6 877"/>).	For IPv6-only endpoints, timely PREF64 discovery is critical, particularly for t hose performing local DNS64 or NAT64 functions, such as CLAT <xref target="RFC68 77"/>.
	Until a PREF64 is obtained, the endpoint's IPv4-only applications and communicat ion to IPv4-only destinations are impaired.	Until a PREF64 is obtained, the endpoint's IPv4-only applications and communicat ion to IPv4-only destinations are impaired.

	The mechanism defined in <xref target="RFC7050"/> does not bundle PREF64 informa	The mechanism defined in <xref target="RFC7050"/> does not bundle PREF64 informa
	tion with other network configuration parameters, and requires at least one roun	tion with other network configuration parameters and requires at least one round
	d-trip time (to send a DNS request and receive a response) after the network sta	-trip time (to send a DNS request and receive a response) after the network stac
	ck configuration is completed.</t>	k configuration is completed.</t>
	<t>Advertising PREF64 in RA, on the other hand, elminates the period whe	<t>On the other hand, advertising PREF64 in an RA eliminates the period
	n the host obtains IPv6 addresses and default routers, but no PREF64.</t>	when the host obtains IPv6 addresses and default routers but no PREF64.</t>
	</section>	</section>
	<section anchor="latency-in-updates-propagation">	<section anchor="latency-in-updates-propagation">
	<name>Latency in Updates Propagation</name>	<name>Latency in Updates Propagation</name>

	<t>Section 3 of <xref target="RFC7050"/> states: "The node <bcp14>SHALL<
	/bcp14> cache the replies it receives during the Pref64::/n discovery procedure,	<!--[rfced] FYI, we have formatted the following quoted text to appear
	and it <bcp14>SHOULD</bcp14> repeat the discovery process ten seconds before th	in <blockquote>. Please review and let us know of any objections.
	e TTL of the Well-Known Name's synthetic AAAA resource record expires."
	As a result, once a PREF64 is discovered, it will be used until the TTL expired,	Original:
	or until the node disconnects from the network.	Section 3 of [RFC7050] states: "The node SHALL cache the replies it
		receives during the Pref64::/n discovery procedure, and it SHOULD
		repeat the discovery process ten seconds before the TTL of the Well-
		Known Name's synthetic AAAA resource record expires." As a result,
		once a PREF64 is discovered, it will be used until the TTL expired,
		or until the node disconnects from the network.

		Current:
		Section 3 of [RFC7050] states:

		\| The node SHALL cache the replies it receives during the Pref64::/n
		\| discovery procedure, and it SHOULD repeat the discovery process
		\| ten seconds before the TTL of the Well-Known Name's synthetic AAAA
		\| resource record expires.

		As a result, once a PREF64 is discovered, it will be used until the
		TTL expires or until the node disconnects from the network.
		-->

		<t><xref target="RFC7050" section="3"/> states:</t>
		<blockquote>The node <bcp14>SHALL</bcp14> cache the replies it receives during t
		he Pref64::/n discovery procedure, and it <bcp14>SHOULD</bcp14> repeat the disco
		very process ten seconds before the TTL of the Well-Known Name's synthetic AAAA
		resource record expires.</blockquote>
		<t>As a result, once a PREF64 is discovered, it will be used until the TTL expir
		es or until the node disconnects from the network.
	There is no mechanism for an operator to force the PREF64 rediscovery on the nod e without disconnecting the node from the network.	There is no mechanism for an operator to force the PREF64 rediscovery on the nod e without disconnecting the node from the network.
	If the operator needs to change the PREF64 value used in the network, they need to proactively reduce the TTL value returned by the DNS64 server.	If the operator needs to change the PREF64 value used in the network, they need to proactively reduce the TTL value returned by the DNS64 server.
	This method has two significant drawbacks:</t>	This method has two significant drawbacks:</t>
	<ul spacing="normal">	<ul spacing="normal">
	<li>	<li>

	<t>Many networks utilize external DNS64 servers and therefore have n o control over the TTL value, if the PREF64 needs to be changed or withdrawn.</t >	<t>Many networks utilize external DNS64 servers and therefore have n o control over the TTL value if the PREF64 needs to be changed or withdrawn.</t>
	</li>	</li>
	<li>	<li>

	<t>The PREF64 changes need to be planned and executed at least TTL s econds in advance. If the operator needs to notify nodes that a particular prefi x must not be used (e.g. during a network outage or if the nodes learnt a rogue PREF64 as a result of an attack), it might not be possible without interrupting the network connectivity for the affected nodes.</t>	<t>The PREF64 changes need to be planned and executed at least TTL s econds in advance. If the operator needs to notify nodes that a particular prefi x must not be used (e.g., during a network outage or if the nodes learned a rogu e PREF64 as a result of an attack), it might not be possible without interruptin g the network connectivity for the affected nodes.</t>
	</li>	</li>
	</ul>	</ul>

	<t>Mechanism defined in <xref target="RFC8781"/> allows to notify hosts about PREF64 changes immidiately, by sending an RA with updated information.</t>	<t>The mechanism defined in <xref target="RFC8781"/> allows notifying ho sts about PREF64 changes immediately by sending an RA with updated information.< /t>
	</section>	</section>
	<section anchor="multihoming-implications">	<section anchor="multihoming-implications">
	<name>Multihoming Implications</name>	<name>Multihoming Implications</name>

	<t>Section 3 of <xref target="RFC7050"/> requires a node to examine all received AAAA resource records to discover one or more PREF64s and to utilize al l learned prefixes.	<t><xref target="RFC7050" section="3"/> requires a node to examine all r eceived AAAA resource records to discover one or more PREF64s and to utilize all learned prefixes.
	However, this approach presents challenges in some multihomed topologies where d ifferent DNS64 servers belonging to different ISPs might return different PREF64 s.	However, this approach presents challenges in some multihomed topologies where d ifferent DNS64 servers belonging to different ISPs might return different PREF64 s.
	In such cases, it is crucial that traffic destined for synthesized addresses is sent to the correct NAT64 and the source address selected for those flows belong s to the prefix from that ISP's address space.	In such cases, it is crucial that traffic destined for synthesized addresses is sent to the correct NAT64 and the source address selected for those flows belong s to the prefix from that ISP's address space.
	In other words, the node needs to associate each discovered PREF64 with upstream information, including the IPv6 prefix and default gateway.	In other words, the node needs to associate each discovered PREF64 with upstream information, including the IPv6 prefix and default gateway.
	Currently, there is no reliable way for a node to map a DNS64 response (and the prefix learned from it) to a specific upstream in a multihoming scenario.	Currently, there is no reliable way for a node to map a DNS64 response (and the prefix learned from it) to a specific upstream in a multihoming scenario.
	Consequently, the node might inadvertently select an incorrect source address fo r a given PREF64 and/or send traffic to the incorrect uplink.</t>	Consequently, the node might inadvertently select an incorrect source address fo r a given PREF64 and/or send traffic to the incorrect uplink.</t>

	<t>Advertising PREF64 in RAs allows hosts to track which PREF64 was adve	<t>Advertising PREF64 in RAs allows hosts to track which PREF64 was adve
	rtised by which router and use that information to select the correct nexthop.	rtised by which router and use that information to select the correct next hop.
	Section 8 of <xref target="I-D.ietf-v6ops-claton"/> discusses this scenario in m	<xref section="8" target="I-D.ietf-v6ops-claton"/> discusses this scenario in mo
	ore details.</t>	re details.</t>
	</section>	</section>
	<section anchor="security-implications">	<section anchor="security-implications">
	<name>Security Implications</name>	<name>Security Implications</name>

	<t>As discussed in Section 7 of <xref target="RFC7050"/>, the DNS-based PREF64 discovery is prone to DNS spoofing attacks.	<t>As discussed in <xref target="RFC7050" section="7"/>, the DNS-based P REF64 discovery is prone to DNS spoofing attacks.
	In addition to creating a wider attack surface for IPv6 deployments, <xref targe t="RFC7050"/> has other security challenges, which are discussed below.</t>	In addition to creating a wider attack surface for IPv6 deployments, <xref targe t="RFC7050"/> has other security challenges, which are discussed below.</t>
	<section anchor="secure-channel-def">	<section anchor="secure-channel-def">
	<name>Definition of Secure Channel</name>	<name>Definition of Secure Channel</name>

	<t><xref target="RFC7050"/> requires a node's communication channel wi	<t><xref target="RFC7050"/> requires a node's communication channel wi
	th a DNS64 server to be a "secure channel" which it defines to mean "a communica	th a DNS64 server to be a "secure channel", which it defines to mean "a communic
	tion channel a node has between itself and a DNS64 server protecting DNS protoco	ation channel a node has between itself and a DNS64 server protecting DNS protoc
	l-related messages from interception and tampering."	ol-related messages from interception and tampering".
	This need is redundant when another communication mechanism of IPv6-related conf	This need is redundant when another communication mechanism of IPv6-rel
	iguration, specifically RAs, can already be defended against tampering, for exam	ated configuration, specifically RAs, can already be defended against tampering,
	ple by enabling RA-Guard <xref target="RFC6105"/>.	for example, by enabling RA-Guard <xref target="RFC6105"/>.
	Requiring nodes to implement two defense mechanisms when only one is necessary w
	hen <xref target="RFC8781"/> is used in place of <xref target="RFC7050"/> create	<!--[rfced] As the sentence below reads awkwardly, may we rephrase
	s unnecessary risk.</t>	it as follows? Additionally, may we clarify that the mechanisms are
		being used, not the RFCs?

		Original:
		Requiring nodes to implement two defense mechanisms when only one is
		necessary when [RFC8781] is used in place of [RFC7050] creates
		unnecessary risk.

		Perhaps:
		When the mechanism defined in [RFC8781] is used in place of the one defined i
		n
		[RFC7050], nodes only need to implement one defense mechanism; requiring node
		s
		to implement two defense mechanisms creates an unnecessary risk.
		-->

		Requiring nodes to implement two defense mechanisms when only one is necessary w
		hen <xref target="RFC8781"/> is used in place of <xref target="RFC7050"/> create
		s an unnecessary risk.</t>
	</section>	</section>
	<section anchor="secure-channel-example-of-ipsec">	<section anchor="secure-channel-example-of-ipsec">
	<name>Secure Channel Example of IPsec</name>	<name>Secure Channel Example of IPsec</name>

	<t>One of the two examples that <xref target="RFC7050"/> defines to qu alify a communication channel with a DNS64 server is the use of an "IPsec-based virtual private network (VPN) tunnel". As of the time of this writing, this is n ot supported as a practice by any common operating system DNS client. While they could, there have also since been multiple mechanisms defined for performing DN S-specific encryption such as those defined in <xref target="RFC9499"/> that wou ld be more appropriately scoped to the applicable DNS traffic. These are also co mpatible with encrypted DNS advertisement by the network using Discovery of Netw ork-designated Resolvers <xref target="RFC9463"/> that would ensure the clients know in advance that the DNS64 server supported the encryption mechanism.</t>	<t>One of the two examples that <xref target="RFC7050"/> defines to qu alify a communication channel with a DNS64 server is the use of an "IPsec-based virtual private network (VPN) tunnel". As of the time of this writing, this is n ot supported as a practice by any common operating system DNS client. While they could, there have also since been multiple mechanisms defined for performing DN S-specific encryption, such as those defined in <xref target="RFC9499"/>, that w ould be more appropriately scoped to the applicable DNS traffic. These are also compatible with encrypted DNS advertisement by the network using Discovery of Ne twork-designated Resolvers <xref target="RFC9463"/>, which would ensure the clie nts know in advance that the DNS64 server supported the encryption mechanism.</t >
	</section>	</section>
	<section anchor="secure-channel-example-of-link-layer-encryption">	<section anchor="secure-channel-example-of-link-layer-encryption">
	<name>Secure Channel Example of Link Layer Encryption</name>	<name>Secure Channel Example of Link Layer Encryption</name>

	<t>The other example given by <xref target="RFC7050"/> that would allo w a communication channel with a DNS64 server to qualify as a "secure channel" i s the use of a "link layer utilizing data encryption technologies". As of the ti me of this writing, most common link layer implementations use data encryption a lready with no extra effort needed on the part of network nodes. While this appe ars to be a trivial way to satisfy this requirement, it also renders the require ment meaningless since any node along the path can still read the higher-layer D NS traffic containing the translation prefix. This seems to be at odds with the definition of "secure channel" as explained in <xref section="2.2" sectionFormat ="of" target="RFC7050"/>.</t>	<t>The other example given by <xref target="RFC7050"/> that would allo w a communication channel with a DNS64 server to qualify as a "secure channel" i s the use of a "link layer utilizing data encryption technologies". As of the ti me of this writing, most common link layer implementations use data encryption a lready with no extra effort needed on the part of network nodes. While this appe ars to be a trivial way to satisfy this requirement, it also renders the require ment meaningless since any node along the path can still read the higher-layer D NS traffic containing the translation prefix. This seems to be at odds with the definition of "secure channel", as explained in <xref section="2.2" sectionForma t="of" target="RFC7050"/>.</t>
	</section>	</section>
	</section>	</section>
	</section>	</section>
	<section anchor="security-considerations">	<section anchor="security-considerations">
	<name>Security Considerations</name>	<name>Security Considerations</name>

	<t>Obtaining PREF64 information using RAs improves the overall security of	<t>Obtaining PREF64 information using RAs improves the overall security of
	an IPv6-only endpoint as it mitigates all attack vectors related to spoofed or	an IPv6-only endpoint as it mitigates all attack vectors related to a spoofed o
	rogue DNS response, as discussed in Section 7 of <xref target="RFC7050"/>.	r rogue DNS response, as discussed in <xref target="RFC7050" section="7"/>.
	Security considerations related to obtaining PREF64 information from RAs are dis	Security considerations related to obtaining PREF64 information from RAs are dis
	cussed in Section 7 of <xref target="RFC8781"/>.</t>	cussed in <xref target="RFC8781" section="7"/>.</t>
	</section>	</section>
	<section anchor="iana-considerations">	<section anchor="iana-considerations">
	<name>IANA Considerations</name>	<name>IANA Considerations</name>

	<t>This document does not introduce any IANA considerations.</t>	<t>This document has no IANA actions.</t>
	</section>	</section>
	</middle>	</middle>
	<back>	<back>

		<displayreference target="I-D.ietf-v6ops-claton" to="CLAT"/>
	<references anchor="sec-combined-references">	<references anchor="sec-combined-references">
	<name>References</name>	<name>References</name>
	<references anchor="sec-normative-references">	<references anchor="sec-normative-references">
	<name>Normative References</name>	<name>Normative References</name>

	<reference anchor="RFC7050">	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
	<front>	050.xml"/>
	<title>Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis<	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
	/title>	781.xml"/>
	<author fullname="T. Savolainen" initials="T." surname="Savolainen"/	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2
	>	119.xml"/>
	<author fullname="J. Korhonen" initials="J." surname="Korhonen"/>	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
	<author fullname="D. Wing" initials="D." surname="Wing"/>	174.xml"/>
	<date month="November" year="2013"/>
	<abstract>
	<t>This document describes a method for detecting the presence of
	DNS64 and for learning the IPv6 prefix used for protocol translation on an acces
	s network. The method depends on the existence of a well-known IPv4-only fully q
	ualified domain name "ipv4only.arpa.". The information learned enables nodes to
	perform local IPv6 address synthesis and to potentially avoid NAT64 on dual-stac
	k and multi-interface deployments.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="7050"/>
	<seriesInfo name="DOI" value="10.17487/RFC7050"/>
	</reference>
	<reference anchor="RFC8781">
	<front>
	<title>Discovering PREF64 in Router Advertisements</title>
	<author fullname="L. Colitti" initials="L." surname="Colitti"/>
	<author fullname="J. Linkova" initials="J." surname="Linkova"/>
	<date month="April" year="2020"/>
	<abstract>
	<t>This document specifies a Neighbor Discovery option to be used
	in Router Advertisements (RAs) to communicate prefixes of Network Address and Pr
	otocol Translation from IPv6 clients to IPv4 servers (NAT64) to hosts.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="8781"/>
	<seriesInfo name="DOI" value="10.17487/RFC8781"/>
	</reference>
	<reference anchor="RFC2119">
	<front>
	<title>Key words for use in RFCs to Indicate Requirement Levels</tit
	le>
	<author fullname="S. Bradner" initials="S." surname="Bradner"/>
	<date month="March" year="1997"/>
	<abstract>
	<t>In many standards track documents several words are used to sig
	nify the requirements in the specification. These words are often capitalized. T
	his document defines these words as they should be interpreted in IETF documents
	. This document specifies an Internet Best Current Practices for the Internet Co
	mmunity, and requests discussion and suggestions for improvements.</t>
	</abstract>
	</front>
	<seriesInfo name="BCP" value="14"/>
	<seriesInfo name="RFC" value="2119"/>
	<seriesInfo name="DOI" value="10.17487/RFC2119"/>
	</reference>
	<reference anchor="RFC8174">
	<front>
	<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti
	tle>
	<author fullname="B. Leiba" initials="B." surname="Leiba"/>
	<date month="May" year="2017"/>
	<abstract>
	<t>RFC 2119 specifies common key words that may be used in protoco
	l specifications. This document aims to reduce the ambiguity by clarifying that
	only UPPERCASE usage of the key words have the defined special meanings.</t>
	</abstract>
	</front>
	<seriesInfo name="BCP" value="14"/>
	<seriesInfo name="RFC" value="8174"/>
	<seriesInfo name="DOI" value="10.17487/RFC8174"/>
	</reference>
	</references>	</references>
	<references anchor="sec-informative-references">	<references anchor="sec-informative-references">
	<name>Informative References</name>	<name>Informative References</name>

	<reference anchor="RFC4861">	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4
	<front>	861.xml"/>
	<title>Neighbor Discovery for IP version 6 (IPv6)</title>	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4
	<author fullname="T. Narten" initials="T." surname="Narten"/>	862.xml"/>
	<author fullname="E. Nordmark" initials="E." surname="Nordmark"/>	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6
	<author fullname="W. Simpson" initials="W." surname="Simpson"/>	105.xml"/>
	<author fullname="H. Soliman" initials="H." surname="Soliman"/>	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6
	<date month="September" year="2007"/>	052.xml"/>
	<abstract>	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6
	<t>This document specifies the Neighbor Discovery protocol for IP	144.xml"/>
	Version 6. IPv6 nodes on the same link use Neighbor Discovery to discover each o
	ther's presence, to determine each other's link-layer addresses, to find routers
	, and to maintain reachability information about the paths to active neighbors.
	[STANDARDS-TRACK]</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="4861"/>
	<seriesInfo name="DOI" value="10.17487/RFC4861"/>
	</reference>
	<reference anchor="RFC4862">
	<front>
	<title>IPv6 Stateless Address Autoconfiguration</title>
	<author fullname="S. Thomson" initials="S." surname="Thomson"/>
	<author fullname="T. Narten" initials="T." surname="Narten"/>
	<author fullname="T. Jinmei" initials="T." surname="Jinmei"/>
	<date month="September" year="2007"/>
	<abstract>
	<t>This document specifies the steps a host takes in deciding how
	to autoconfigure its interfaces in IP version 6. The autoconfiguration process i
	ncludes generating a link-local address, generating global addresses via statele
	ss address autoconfiguration, and the Duplicate Address Detection procedure to v
	erify the uniqueness of the addresses on a link. [STANDARDS-TRACK]</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="4862"/>
	<seriesInfo name="DOI" value="10.17487/RFC4862"/>
	</reference>
	<reference anchor="RFC6105">
	<front>
	<title>IPv6 Router Advertisement Guard</title>
	<author fullname="E. Levy-Abegnoli" initials="E." surname="Levy-Abeg
	noli"/>
	<author fullname="G. Van de Velde" initials="G." surname="Van de Vel
	de"/>
	<author fullname="C. Popoviciu" initials="C." surname="Popoviciu"/>
	<author fullname="J. Mohacsi" initials="J." surname="Mohacsi"/>
	<date month="February" year="2011"/>
	<abstract>
	<t>Routed protocols are often susceptible to spoof attacks. The ca
	nonical solution for IPv6 is Secure Neighbor Discovery (SEND), a solution that i
	s non-trivial to deploy. This document proposes a light-weight alternative and c
	omplement to SEND based on filtering in the layer-2 network fabric, using a vari
	ety of filtering criteria, including, for example, SEND status. This document is
	not an Internet Standards Track specification; it is published for informationa
	l purposes.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="6105"/>
	<seriesInfo name="DOI" value="10.17487/RFC6105"/>
	</reference>
	<reference anchor="RFC6052">
	<front>
	<title>IPv6 Addressing of IPv4/IPv6 Translators</title>
	<author fullname="C. Bao" initials="C." surname="Bao"/>
	<author fullname="C. Huitema" initials="C." surname="Huitema"/>
	<author fullname="M. Bagnulo" initials="M." surname="Bagnulo"/>
	<author fullname="M. Boucadair" initials="M." surname="Boucadair"/>
	<author fullname="X. Li" initials="X." surname="Li"/>
	<date month="October" year="2010"/>
	<abstract>
	<t>This document discusses the algorithmic translation of an IPv6
	address to a corresponding IPv4 address, and vice versa, using only statically c
	onfigured information. It defines a well-known prefix for use in algorithmic tra
	nslations, while allowing organizations to also use network-specific prefixes wh
	en appropriate. Algorithmic translation is used in IPv4/IPv6 translators, as wel
	l as other types of proxies and gateways (e.g., for DNS) used in IPv4/IPv6 scena
	rios. [STANDARDS-TRACK]</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="6052"/>
	<seriesInfo name="DOI" value="10.17487/RFC6052"/>
	</reference>
	<reference anchor="RFC6144">
	<front>
	<title>Framework for IPv4/IPv6 Translation</title>
	<author fullname="F. Baker" initials="F." surname="Baker"/>
	<author fullname="X. Li" initials="X." surname="Li"/>
	<author fullname="C. Bao" initials="C." surname="Bao"/>
	<author fullname="K. Yin" initials="K." surname="Yin"/>
	<date month="April" year="2011"/>
	<abstract>
	<t>This note describes a framework for IPv4/IPv6 translation. This
	is in the context of replacing Network Address Translation - Protocol Translati
	on (NAT-PT), which was deprecated by RFC 4966, and to enable networks to have IP
	v4 and IPv6 coexist in a somewhat rational manner while transitioning to an IPv6
	network. This document is not an Internet Standards Track specification; it is
	published for informational purposes.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="6144"/>
	<seriesInfo name="DOI" value="10.17487/RFC6144"/>
	</reference>
	<reference anchor="RFC6146">
	<front>
	<title>Stateful NAT64: Network Address and Protocol Translation from
	IPv6 Clients to IPv4 Servers</title>
	<author fullname="M. Bagnulo" initials="M." surname="Bagnulo"/>
	<author fullname="P. Matthews" initials="P." surname="Matthews"/>
	<author fullname="I. van Beijnum" initials="I." surname="van Beijnum
	"/>
	<date month="April" year="2011"/>
	<abstract>
	<t>This document describes stateful NAT64 translation, which allow
	s IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP. One
	or more public IPv4 addresses assigned to a NAT64 translator are shared among s
	everal IPv6-only clients. When stateful NAT64 is used in conjunction with DNS64,
	no changes are usually required in the IPv6 client or the IPv4 server.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="6146"/>
	<seriesInfo name="DOI" value="10.17487/RFC6146"/>
	</reference>
	<reference anchor="RFC7225">
	<front>
	<title>Discovering NAT64 IPv6 Prefixes Using the Port Control Protoc
	ol (PCP)</title>
	<author fullname="M. Boucadair" initials="M." surname="Boucadair"/>
	<date month="May" year="2014"/>
	<abstract>
	<t>This document defines a new Port Control Protocol (PCP) option
	to learn the IPv6 prefix(es) used by a PCP-controlled NAT64 device to build IPv4
	-converted IPv6 addresses. This option is needed for successful communications w
	hen IPv4 addresses are used in referrals.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="7225"/>
	<seriesInfo name="DOI" value="10.17487/RFC7225"/>
	</reference>
	<reference anchor="RFC7915">
	<front>
	<title>IP/ICMP Translation Algorithm</title>
	<author fullname="C. Bao" initials="C." surname="Bao"/>
	<author fullname="X. Li" initials="X." surname="Li"/>
	<author fullname="F. Baker" initials="F." surname="Baker"/>
	<author fullname="T. Anderson" initials="T." surname="Anderson"/>
	<author fullname="F. Gont" initials="F." surname="Gont"/>
	<date month="June" year="2016"/>
	<abstract>
	<t>This document describes the Stateless IP/ICMP Translation Algor
	ithm (SIIT), which translates between IPv4 and IPv6 packet headers (including IC
	MP headers). This document obsoletes RFC 6145.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="7915"/>
	<seriesInfo name="DOI" value="10.17487/RFC7915"/>
	</reference>
	<reference anchor="RFC6147">
	<front>
	<title>DNS64: DNS Extensions for Network Address Translation from IP
	v6 Clients to IPv4 Servers</title>
	<author fullname="M. Bagnulo" initials="M." surname="Bagnulo"/>
	<author fullname="A. Sullivan" initials="A." surname="Sullivan"/>
	<author fullname="P. Matthews" initials="P." surname="Matthews"/>
	<author fullname="I. van Beijnum" initials="I." surname="van Beijnum
	"/>
	<date month="April" year="2011"/>
	<abstract>
	<t>DNS64 is a mechanism for synthesizing AAAA records from A recor
	ds. DNS64 is used with an IPv6/IPv4 translator to enable client-server communica
	tion between an IPv6-only client and an IPv4-only server, without requiring any
	changes to either the IPv6 or the IPv4 node, for the class of applications that
	work through NATs. This document specifies DNS64, and provides suggestions on ho
	w it should be deployed in conjunction with IPv6/IPv4 translators. [STANDARDS-TR
	ACK]</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="6147"/>
	<seriesInfo name="DOI" value="10.17487/RFC6147"/>
	</reference>
	<reference anchor="RFC6877">
	<front>
	<title>464XLAT: Combination of Stateful and Stateless Translation</t
	itle>
	<author fullname="M. Mawatari" initials="M." surname="Mawatari"/>
	<author fullname="M. Kawashima" initials="M." surname="Kawashima"/>
	<author fullname="C. Byrne" initials="C." surname="Byrne"/>
	<date month="April" year="2013"/>
	<abstract>
	<t>This document describes an architecture (464XLAT) for providing
	limited IPv4 connectivity across an IPv6-only network by combining existing and
	well-known stateful protocol translation (as described in RFC 6146) in the core
	and stateless protocol translation (as described in RFC 6145) at the edge. 464X
	LAT is a simple and scalable technique to quickly deploy limited IPv4 access ser
	vice to IPv6-only edge networks without encapsulation.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="6877"/>
	<seriesInfo name="DOI" value="10.17487/RFC6877"/>
	</reference>
	<reference anchor="RFC7051">
	<front>
	<title>Analysis of Solution Proposals for Hosts to Learn NAT64 Prefi
	x</title>
	<author fullname="J. Korhonen" initials="J." role="editor" surname="
	Korhonen"/>
	<author fullname="T. Savolainen" initials="T." role="editor" surname
	="Savolainen"/>
	<date month="November" year="2013"/>
	<abstract>
	<t>Hosts and applications may benefit from learning if an IPv6 add
	ress is synthesized and if NAT64 and DNS64 are present in a network. This docume
	nt analyzes all proposed solutions (known at the time of writing) for communicat
	ing whether the synthesis is taking place, what address format was used, and wha
	t IPv6 prefix was used by the NAT64 and DNS64. These solutions enable both NAT64
	avoidance and local IPv6 address synthesis. The document concludes by recommend
	ing the standardization of the approach based on heuristic discovery.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="7051"/>
	<seriesInfo name="DOI" value="10.17487/RFC7051"/>
	</reference>
	<reference anchor="RFC8880">
	<front>
	<title>Special Use Domain Name 'ipv4only.arpa'</title>
	<author fullname="S. Cheshire" initials="S." surname="Cheshire"/>
	<author fullname="D. Schinazi" initials="D." surname="Schinazi"/>
	<date month="August" year="2020"/>
	<abstract>
	<t>NAT64 (Network Address and Protocol Translation from IPv6 Clien
	ts to IPv4 Servers) allows client devices using IPv6 to communicate with servers
	that have only IPv4 connectivity.</t>
	<t>The specification for how a client discovers its local network'
	s NAT64 prefix (RFC 7050) defines the special name 'ipv4only.arpa' for this purp
	ose. However, in its Domain Name Reservation Considerations section (Section 8.1
	), that specification (RFC 7050) indicates that the name actually has no particu
	larly special properties that would require special handling.</t>
	<t>Consequently, despite the well-articulated special purpose of t
	he name, 'ipv4only.arpa' was not recorded in the Special-Use Domain Names regist
	ry as a name with special properties.</t>
	<t>This document updates RFC 7050. It describes the special treatm
	ent required and formally declares the special properties of the name. It also a
	dds similar declarations for the corresponding reverse mapping names.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="8880"/>
	<seriesInfo name="DOI" value="10.17487/RFC8880"/>
	</reference>
	<reference anchor="RFC9463">
	<front>
	<title>DHCP and Router Advertisement Options for the Discovery of Ne
	twork-designated Resolvers (DNR)</title>
	<author fullname="M. Boucadair" initials="M." role="editor" surname=
	"Boucadair"/>
	<author fullname="T. Reddy.K" initials="T." role="editor" surname="R
	eddy.K"/>
	<author fullname="D. Wing" initials="D." surname="Wing"/>
	<author fullname="N. Cook" initials="N." surname="Cook"/>
	<author fullname="T. Jensen" initials="T." surname="Jensen"/>
	<date month="November" year="2023"/>
	<abstract>
	<t>This document specifies new DHCP and IPv6 Router Advertisement
	options to discover encrypted DNS resolvers (e.g., DNS over HTTPS, DNS over TLS,
	and DNS over QUIC). Particularly, it allows a host to learn an Authentication D
	omain Name together with a list of IP addresses and a set of service parameters
	to reach such encrypted DNS resolvers.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="9463"/>
	<seriesInfo name="DOI" value="10.17487/RFC9463"/>
	</reference>
	<reference anchor="RFC9499">
	<front>
	<title>DNS Terminology</title>
	<author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
	<author fullname="K. Fujiwara" initials="K." surname="Fujiwara"/>
	<date month="March" year="2024"/>
	<abstract>
	<t>The Domain Name System (DNS) is defined in literally dozens of
	different RFCs. The terminology used by implementers and developers of DNS proto
	cols, and by operators of DNS systems, has changed in the decades since the DNS
	was first defined. This document gives current definitions for many of the terms
	used in the DNS in a single document.</t>
	<t>This document updates RFC 2308 by clarifying the definitions of
	"forwarder" and "QNAME". It obsoletes RFC 8499 by adding multiple terms and cla
	rifications. Comprehensive lists of changed and new definitions can be found in
	Appendices A and B.</t>
	</abstract>
	</front>
	<seriesInfo name="BCP" value="219"/>
	<seriesInfo name="RFC" value="9499"/>
	<seriesInfo name="DOI" value="10.17487/RFC9499"/>
	</reference>
	<reference anchor="RFC8305">
	<front>
	<title>Happy Eyeballs Version 2: Better Connectivity Using Concurren
	cy</title>
	<author fullname="D. Schinazi" initials="D." surname="Schinazi"/>
	<author fullname="T. Pauly" initials="T." surname="Pauly"/>
	<date month="December" year="2017"/>
	<abstract>
	<t>Many communication protocols operating over the modern Internet
	use hostnames. These often resolve to multiple IP addresses, each of which may
	have different performance and connectivity characteristics. Since specific addr
	esses or address families (IPv4 or IPv6) may be blocked, broken, or sub-optimal
	on a network, clients that attempt multiple connections in parallel have a chanc
	e of establishing a connection more quickly. This document specifies requirement
	s for algorithms that reduce this user-visible delay and provides an example alg
	orithm, referred to as "Happy Eyeballs". This document obsoletes the original al
	gorithm description in RFC 6555.</t>
	</abstract>
	</front>
	<seriesInfo name="RFC" value="8305"/>
	<seriesInfo name="DOI" value="10.17487/RFC8305"/>
	</reference>
	<reference anchor="I-D.ietf-v6ops-claton">
	<front>
	<title>464XLAT Customer-side Translator (CLAT): Node Recommendations
	</title>
	<author fullname="Jen Linkova" initials="J." surname="Linkova">
	<organization>Google</organization>
	</author>
	<author fullname="Tommy Jensen" initials="T." surname="Jensen">
	</author>
	<date day="25" month="July" year="2025"/>
	<abstract>
	<t> 464XLAT [RFC6877] defines an architecture for providing IPv4
	connectivity across an IPv6-only network. The solution contains two
	key elements: provider-side translator (PLAT) and customer-side
	translator (CLAT). This document complements [RFC6877] and updates
	Requirements for IPv6 Customer Edge Routers to Support IPv4-as-
	a-Service (RFC8585) by providing recommendations for the node
	developers on enabling and disabling CLAT functions.


	</t>	<!-- [rfced] The following reference is not cited in the text. Please let
	</abstract>	us know where it should be cited; otherwise, it will be deleted from the
	</front>	references section.
	<seriesInfo name="Internet-Draft" value="draft-ietf-v6ops-claton-06"/>
	</reference>	[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
		NAT64: Network Address and Protocol Translation from IPv6
		Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
		April 2011, <https://www.rfc-editor.org/rfc/rfc6146>.
		-->
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6
		146.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
		225.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
		915.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6
		147.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6
		877.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
		051.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
		880.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9
		463.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9
		499.xml"/>
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
		305.xml"/>

		<!-- [CLAT] [I-D.ietf-v6ops-claton]
		draft-ietf-v6ops-claton-06
		IESG State: I-D Exists as of 09/09/25
		-->
		<xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.
		ietf-v6ops-claton.xml"/>
	</references>	</references>
	</references>	</references>

	<?line 236?>


	<section numbered="false" anchor="acknowledgments">	<!--[rfced] FYI - We have alphabetized the names listed in the Acknowledgments
		section. We believe that was the intent as only two were out of order. Let us
		know if you prefer the original order.
		-->

		<section numbered="false" anchor="acknowledgments">
	<name>Acknowledgments</name>	<name>Acknowledgments</name>

	<t>The authors would like to thank the following people for their valuable	<t>The authors would like to thank the following people for their
	contributions: Mike Bishop, Mohamed Boucadair, Lorenzo Colitti, Tom Costello, C	valuable contributions: <contact fullname="Mike Bishop"/>, <contact
	harles Eckel, Susan Hares, Nick Heatley, Gabor Lencse, Ted Lemon, David Lou, Pet	fullname="Mohamed Boucadair"/>, <contact fullname="Lorenzo Colitti"/>,
	er Schmitt, Éric Vyncke, Chongfeng Xie.</t>	<contact fullname="Tom Costello"/>, <contact fullname="Charles Eckel"/>,
		<contact fullname="Susan Hares"/>, <contact fullname="Nick Heatley"/>,
		<contact fullname="Ted Lemon"/>, <contact fullname="Gábor Lencse"/>,
		<contact fullname="David Lou"/>, <contact fullname="Peter Schmitt"/>,
		<contact fullname="Éric Vyncke"/>, and <contact fullname="Chongfeng
		Xie"/>.</t>
	</section>	</section>
	</back>	</back>

	<!-- ##markdown-source:
	H4sIAAAAAAAAA5Vb3XbbRpK+x1P00heWckgqshX/6MzOhLHsRLOyrZXkZOb4
	6KIJNMmOQABBA5IZHz/AvsU+y+6L7VdV3UCDpDNZ35gCG93V9fPVV9XNyWSS
	NLbJzakaXZm0XK9NkenGloVTi7JWZ9al5b2pbbFU55f3z9RlbRb2k/rgTMYD
	+OEsy2rjnLreFM3KOOtGiZ7Pa3OPWekFU6urN69ePH9xPEpS3ZhlWW9OlS0W
	ZZJkZVroNdbPar1oJtY0i8n9s7Jyk4rfpLcm3z5PXDtfW+cgWbOpMPz89c0b
	pR4pnbsSy9giMxVkN0UzGquRyWxT1lbn9Mf57Af8B2FH51c3b0ZJ0a7npj5N
	sFFzmqTYqylc605VU7cmgdBPE10bfaogRfJQ1nfLumyrU8ViJXdmg2fZaaIm
	vHv6/+zd9bMT+nB59fqNfHo3u5EPry5mN8m9KVqspdRgKqVkL79gDdLwj/Ql
	nq61zf2Y70kh07Je4rGu09WpWjVN5U6PjiC9bmqd3pl6GgYdPSyP+LUjPS/b
	5ogWtM2qnUND87bWy9yWR6LoYt78+mu+o+oRXsmhF9fglbCUzDGFexz92VkS
	3TarsiYtYUalFm2ei53f2fRO/eCn4e8guC7s7+x2p+p1YerlRl2n1hSpceqd
	acgGPNKIZrq9fA8XfNB1BuVVuS7MtDDNaHfJG/j1Rv3dkKEH8zTlr3jI6vt+
	Sc9oj3smwKvqwhZ35b3eI/GPZbnMzWDiRVvXm+On8aRFWa/xwj27AcLh+bff
	fes/kspOk4QCYjjm5MWz4/7jE//x2fG334WP337XPz056T8+C6s8eRLGPn95
	/F0/4Hn4+OL5816isNqLFy+CcC9Pnj3tPr58GQY8FRnOJ2fTKGZT+A5UkiST
	yUTpuSMHbZLkfaEKMaNTVV3e28wDysmEAQTDCpezOtWBF/VwrFala5zSRaZK
	4EqtEN9VaQs8KwzwpynVXVE+KHwnOFQxOB0Yd6jaAFCDqWkkB6YfOg46PJyq
	m5V1CmjUAgIbLyXcb9niv9wWRgAxfltlHh03Y+Uqk9qFTXWeb1QdkJR2Wc4b
	bQv6tL26WtTlWl0hULG3WYaJGusML19WnS7IOQ7VwwouqO/hTXqem6koeG2z
	DI6XPFLnRVOXWZvSW0lyZu4thU63dyw+h/4N5iCls0pFY4QfjVoZnZnaqY9e
	97ekP6WH0kLda135CQTxsQbMUfYW8M+hDp2aMa9Doijszelp8gvvIvhCr2Re
	Z6xso2ADnd3rotFLU7ai897sWEqnv7W2Nrykn+exGwiK+Q4Ehw+nSZzA6BX5
	AlOSGt1ganitUt+o83WVixFofNq6plybeuIgaKdQCHVAuH4IjChY6apc8PiT
	Zyf/wBeM1bYxadNC1o8+zm6nvMKNn8WILnOMq5HGaHesxO7BwbWRyZ9Pj2mB
	jz7wbg9loktTE2KovITfSRKStRDet51oTgZft1VV1o3SVZXDTyXH1ybfsJMW
	A7sqRnLI0IvwdPpk+iQIQahCQiRnGwCkTYNau4AgO8KFgKAcpcZUu96PxLuw
	SyA5z99Wk6acUEoewysRCWmb6xrBRB7QFmtdwCOyyGADx3hY2XSl1li7c/QA
	ONPko0fbW3JWDhOKDYizsLVrRG+TuSbEWJt0BWR3a152Z1cyCNL6KY9v4eI6
	34DyTJOfygeDUcCCdu7Mby250NogC2ZOrTRLBrEyjMnLSuArqLuXMLdr22hv
	tuQNhLCFa3RB0fTRo8EtJlkwIiFCjV2u5hFT2/AwShy3AUVoK/tQBg52NQNW
	QhDY4t5swoa7RISX8SXD8DRhgIT31KWGrsvFghDD0ZbhJ13QRl77tPNZEhp4
	bos0bxkUF+T9bqU5Lh9ALzzC01IdPAwdBE6BXIxNkGLOWkOSwcUzTVuBBA50
	owHuYkYXorHXa2/Yg8+fwSNb4758OYx1asUnhMTUsI8r87bTX2EeoPUqLzes
	uWnSwYSPJCzf5nipqZG++RUiltY15AZer4xdzvKk3jNIreYrLhiCjTfg558b
	cAwSg/0Q4cGJ4WrmXw4ei4zVhWHRpQ0mwZrcZoE8NQf2s6C5Wep0o9wGwq4J
	0VNd0XASANZGtLgt+LyaqffsW1NKPjemhtbLvFxuYBnayimWGIaS86XB7zTT
	DP84SdYIDU6C3Z9j79sZxOixDMswdOzOG6e4KKMFMD3p/t5KRUqR3mNywNm/
	QJRuBpOyTwyzpE5JVP4ypL6j81dvLztgp+lmOaocOPZ6e0OcX6ceCvuE4lSq
	kUUqRBNCA2MR9Q0D6IFXw8ntIdmPn+eEGusSKenATJfTr6apMZcf4z4DHfo4
	7ohOS0l8xNKMxDeWpqCQtr8TRsG0rGcd5z5BW36Ttt9LFBQR61X/oSKE3cmu
	HSOBJYawoFhnEPBF5snRDlEEcUhrOx+4ygm5infSA0JwRDPc5vSoYN+P88/h
	qZoVMW/sOeOQyoSilkUVLBB86kkQfYNIacq0zN1ASPZuni/NrSkix3SmJlfE
	qsHNvqopYqi0sb1UERhOWwlOypuAD/9hYiB5ry9ms1eShPx0Af8cFV4BQmte
	E3HZlEvDGB3BtWxsANNR7oDEvMipUtfkIhekztArmLVN+Sp+cxzke3KbMCii
	0FYPDBGjtx+ub6iSp//Vu/f8+er1f344v3p9Rp+vf5pdXHQfEj/i+qf3Hy7O
	+k/9m6/ev337+t2ZvIynavAoGb2d/XMk7HX0/vLm/P272cWIjNEMQkfXnITm
	FK7QETTXQPfaJQPP/OHV5f/89/GJ+vz537C/J8fHL7988X+8OH5+gj8IwmW1
	DtHHpPtNgmxrNFEA+EYOgKjADXLYQnO+eSgASTUVA998JM3cnqq/zNPq+OSv
	/gFtePAw6GzwkHW2+2TnZVHinkd7lum0OXi+pemhvLN/Dv4Oeo8e/uVvVIep
	yfGLv/01ocSzr2Plg7/zeox7pM66zL33ndeBRyZJ91H5vekGSbFqyNBSye0j
	SVLIzVDcIigiSgHqhpxBoSRRHvMRSv+gEYWE/nwQdHuWsJTlyfRFR3sVdKbS
	VVk6IUPkI5zUfVrqM2WEJ14CnwbqgTboReE/HXuSjUScBDpVlCa3wVz4tYtZ
	DwNFIIPfRSUMzTn9M4Z5z4kByRH534NuGR55OkZqFVj3BvNF5dd0uJcHD8zG
	kj1Sb8u5BQcK676ifWVGsAry/LKib3sVOV9eWcpi4F8bBoUl5bVMimRK13VI
	8SR2IFzEBmWxrqAZKxQQtmLFyD5F1X5cyECmuLd1WcgmygW0rnI4ABIShoFn
	Gk43QrtN7FnC3kQuuBWzUBi+rA0jj7KwRGaJifSklxFKCmfpUSzCbEg3XrDe
	Omu9UUXZgJmATBcN9AGcXBjtLDFLmoqzy5bRYZ08uNUu2NJ8kp9oPl/I0nSs
	3YFmOkF4a84MVUWTId5KaiNKJQYdlTUMSFvujcrkeg3Wh2U1/JjK7DlZFvwE
	TL+V8r6tYGZqYxA7gxUeaHqQIqLXRvMQUAUbijp2Lrv0+XLbr5hD8liukwhY
	hpXMyrQ1AgxFN8TuyUMvdFeircEAGqhYGiaavNyWjEaNXRvaHB7Pkcn7+Kb4
	NZ8wPZezKi95divmbPQd+wPMxU5Ly3ZYtCjLpkI512yV7wNOQWaX7jtJ0Zfv
	dVvwdmH+jANmJ0jGnnRmJXtBiLYoaDusYOuC1FgnpmWxgbZwggWMSCPY74nG
	t9zqs1RIlNDUGtBBa/rZucDYr/wxiSG6141vXOE5ENjphfG1/d6JtowEA6Ym
	7kPRfB2YEIhiTp0/6I0L2IynDMMR7nLaoF5JnsNseB7M7qvVxDscBNaYSvwq
	rjr7HgcdqOBt6ZKEQxWUhzC4dJgQmr5EYKyoDSLCUN+ikAUw6vr1K7Z1eAFB
	XuFLBqUNpYgUSBh1Cp71rSWu9w65rnxNjsiFHdfrkk/8ntXnR76K55JzZxc7
	3aao9eNQKSFvIl2aYmk611qLn8RNDi5qROuCM4gSfzwSNXJ0jpRScN8ee3It
	XgRB2y6Vo15DKMKc375HPammiPbK1ojnuTK1HBG8+c7iY/kbhRLw0QcjOTjF
	BimhdW47N3MrSciGb1mRykOTQ/KtNNzhvEGRQx0edG0vMtC1XWKinAzU5Vra
	ru86RdURPFh2tIvvQQUHzhi1v3HEkmUG3Ct3hx1tiNzSp+jJpWT+jKhEWzvq
	w1wZbJDKrCR50/eK8s14b60jmw25yXwCWqh7nbfdgO1CsdnqIXCS8tKEEwFi
	kCgGQDuGaba3jA9VNwTUbKtz3XfhW1+qSXTVYYuB+XD5F7XHQTJF+oyPBbgH
	VMRtYE/buBQTyKQVpMKrO1X262ACADa1CqTxvDtG1IuMigdVKecgdJImA6Sr
	Nrs8l8I5t/Na18RVSH1eGZkAclouC/u7UY9tdX9C1dFU15WePpZOBasYAvDU
	NNWShAA8hi+aGvmXbO4Djr2QRxIyEsFhq4Vwp/V3ooeOwm6j7i6mX2F1buaW
	c67iM0FtBp6FeYiBebtLGOctmniA09Ip25adnG97/9NkRgqAOtscGTdYT5IX
	ZRVPLWmrg4a/N25kTDYzAxvZjKj9V/xIzSHRnYtpZHQAlqPQ8S2xzDAfymil
	GmFEvIPCDLH78+W7oTzEK2iG2nqCGvz/sSP/HjYXxnIc9EmTVsckXrxxI0U4
	NTLozdBf0SJxAfb92O31Z9/XSTk75vmOpzarumyXK54GG+gZ5d71mk3ljwGJ
	ivsgDWcxmhOgRxhBAur7CbGVuiUuWPgUP1Y4I4/vktFjCcDtQCctD2Oa+onl
	hMTCHyMHA2BakC462VyOfCeR2S63ILScYbDrBesD5xYEZ1Q1UhGV9Ud/tJ7M
	djiOqEwoAbpkIs5E/WRdh8OGkH0Ls+QMSoUTyELKVMhYbqMXlBfuSXNyTvVs
	wlL2Jzy0cSaykbtOOjcWE3Sw3jtYcAEEdIWEwsEBDkeAQyN/MXk++Y+C+iz+
	2svBs5PTxeLl/PT06OWzcd+bOxwPsfuBe/X4E7WB5+g6mJCgAmsjr9g+ifgq
	qbdkDzeL4dRE1OmUxfIpuG9ENig2VoQVDE9wqMfET+j4MbxP5xdhuJSIkuzw
	jqVDQAJ1bujq3QQ25ADvri/Hfbv1TxCBDCjeVrnZjxx9iUPkw0d9H5uD+Jfk
	Hyrya66wzgsUS9Stlog5M7neJHLQLIrnFiT3TbhbySdMfYx2uVcTE1+C40Hw
	6Jg5VvOWLG98p1icMSrdqbrKN3vPRNPachW554xTCFwlR7okeHyq2/Wuu0Pd
	sQpEkzr8/pDAd/g/wKh573HE9Lh1ZbLxdgjwHQyJ+RiWKVioMm+LwBF821rG
	othtmO7zWFITQpaythxn7W089UkxK6FvAoY5KFm+t1MT9Zj/1Wng2OfzYMeG
	UhFsTJkMQFVkE9CvSkreA+zCUVhq72a/tUTlZYLUUFrgpFrRnbBDpRdNh1oi
	hFT1Wx1v8lLKSA3tPwmtpe1wGIeS2Z90YlGAZc5lk48NX6AzDoeI8KZzg0MJ
	f+QA7Wrk/75HD5YJxfplJVouMDvxZMjwocp4KfDkSi+13BXZ4dz+uJEa9u5U
	jW587lTSFE4BNMa3buAvDERBdygX2/6iRXfyEkUAnyZikL8agld90w6Tge0I
	Sx2ORgFGbS3UCSW1HeaSM2ngzc1F4OURUr+DWzwOpzbUJfGHja5s69T4Y0Yi
	JeQt09GQR5XcpIjiJghDkROK8bmRNNxylAVJZMaMj5n6b1hzPAknMdejXYf0
	XBLQWjDc8GyzOw+U9gRRlEETD8t1uvK+xetR8BBv6NcNRuGvd0XwtKFbjG5X
	MVWUZBOvKeVQ60IJ180iJxbdxSxm1D6fSzOh05RMUZumrYueZArOCYnybF16
	5My2sQTwGbUAXbGi4qjWD9TqdqdJ8o1Sb3XR04Euh5tPXJfng7ndFvvimxkF
	34Bo6jJXHVHpRO1ysFdBp5258QrKyOikdRILmeEbOV3240PGDqrBa3RZkfbO
	HdVPoKR8cBSQi1YO/k5HP3S1AuxZfdVM1IpabNi6voGko/wSMve6pbsVBLve
	gHJ07GO2v5UF19FLLhMDd+B5IVtNfVigzbLtNqf78KFgpMKSyMjdIceLdCD9
	mlXppPkb/JNPzeq26t2zh/qe8gWKBPaJZxCbxaGW1teyjO+wUSssVo+/TciU
	ess0dr223O6mzgAc0vm7e5p5DCejtsp8Kz8+36RWLrZuV3zvhO+OhRz6VWiN
	KAfHIySkkoaOtqj68GCa7QWuYXOGUhy0syY/lh157+55LM3IljNZdz0uYpfD
	dpfvrbuoOSaVA1Ln2m+Tfbiiyx4E/tJDzixdBiL+Ooy0uaEGcqgKu0Hn15eu
	a04TCkTf+W3wwRgTnFQ76oRJhzWtW6mNycdDQSJkxHdkunsmFFD9JUVqNBVN
	OBjjxgS48bDf4xXdnfubXPytJ2cL9ijZlQuTxXc5WS5s77Eb3oTk7Ujef5Bb
	Lh0ad0Hc9fqUIVv0mSc4q3dDR42BdeyH8cWqrbuwA5qAlG8e9GaavApnMr6B
	67MP6gDLbU7uEPOlj+CgdPFT9w0n5kfqIGjOrxX8jFVhG75YprubsbHodI0n
	ChuXmkKD+kAympivzoUeHUsgzgKmxNxKjn/EPhSifHbDBt0yoeyBmkLdqS1E
	PiI3IRIYHMgbsp8G1Yot7v6Ay7mALl3DlG/i+1I22Eu7/m4F5zn5WtgaW0Y6
	eXSAMLxx5/cW+2qBbLYqq2mHKi8YVfbev77tuljOd1m9guUIkSJW2qmCYNfU
	EyGoHcLXzA2bYd1l1AGcjUP23rqBFlc9gJeC3Yj7JFVZLhhcOVFIqIfzMSYd
	1PiSlEQnqbUfCDioF4il/oZOdB8vbqcSX5BYc2Fju83+YauPQvrBH82dUTKx
	4U4v68aoVytK2Ln6/IjnNJNUHkwQW1+S5Kvg/thtlVH+vdC+j/HScwOtRrJG
	GDvyItumu/dJEWng+SP9lel95EqjUu7DopI1+UI6gsN16eaSJ4lkoHCRaQI8
	4JS3poYN5QIJbMraqfFNfgojva64TQ02zbyNiQ5fLsio5079EL73XYhVhhIP
	rjtyOR2W3Wr9DW7Y81UIujCnc3hLxofLUA4dCmB7SyqYml6wQd+QApFPsWm/
	V7PJj61GQfDR/67idppcsQm5ZS2EquzbuExEeSFn4lPTvnVGns46CG0u/mpw
	zTSwZ7BAOXvo3Yd939ClzX6C2ro775tb3vja74g1B6ehH1p0ZxUkqd+yJ4VR
	Bd770W+tzokdfc2T9jmqvyrLpwTM+Ua8vEeAe1s3mJTOVe8pnQVWd/Dz5btD
	3yccTdWsu6XLpTl/pssT1CEhkzXSsI+Pe/l2FXFbOYxnUxLzJ8nL3ZsV0kDm
	a3dTJfc1uEZJqTsXUh/zfz7zlJNY7utzciLNRiYOJJNcKerSEPJ1KQ6Vdr2R
	yAjdGWEOWwyVfkhzK0Z5CNd6GZeZikFxTEUB2+GiOBPg/r4DbcxnL/rhCnWj
	+dCbthHOWj3RDjJJH7RPSOzNWw1+aZj1FwZhk3C2hkCgLl/Dp2uhOffR/zxo
	sBX6LZ2v0MOVR/6VTl/JePq2VfRFRpYeVafKzgj/MgroN1rqQm8M3ekK78tt
	Qv8LIj9WOMF8E8VEtAVO7v+viIgDye2D8K2QUSNiGCpnUYWrk+rpN33xzgHL
	q8Jz7T8RMmvqF/lgiObfPoQiIbZXCjjKmysIOeBfyiwWdFpFgC6/e2C2h8oy
	PhiQeqwLMCkoQAVdl9DoTjzRduKVxG4gh1tsZGx0/sUs318/KPimtfSZugGc
	9LhLS8Tayo0SqXvxXtnd1m5WnBvkPgbtS7ppIJGmnohOogji0j/6iVZ8oCvM
	1v84zBk6UvObggqyzN9JkMPVmDbs2B9eYT4B8AMKfP4c6JT/WY33wy9f+OpD
	R8m2rwe9735NtqdrKvFL9BQmr8t731Ys+ScaeU+HBLR3e9ckJVftjV1yGqK3
	PPu6N3J1JmRnsiMxOWl+SE/At+65OuBLqn+CPzKh9SxtsNd4pfKPdt1dvtw5
	vt1Zsbvfp85n72a7d68GN866NnV3dYS9jd8ciup/jkcNKZp7lhLg5SZbMjdN
	Pp/KnSeT/ftoAf82oy+CSfIbWedRJ7d3RrBeI3TJcHKdh7ZdmZJgy/dCbM2d
	KU4F3Lei6wUkyKl6S5P8YB1KhbF6W640Few/lG2qM21R8F8gyxS/l9h6bpvG
	jum3sfgD6RJLjQlTa+ILr9M7k4/VdevgKD9BsaBb/MPdn8BPcoPa7EdNl8sv
	ACFk6xuscmHWxNPO9L3FH2U7VpfUoFfX6Qoehej+3/+qEW0/bwpMTkshYEGk
	luofFgXy/wFt3l6Aij4AAA==


		<!--[rfced] Throughout the text, "RA Option" and "RA option" are used
		inconsistently. Please review these occurrences and let us know if/how they may
		be made consistent.
		-->

		<!--[rfced] There are a number of instances throughout the document where an RFC
		citation is used as an adjective. To clarify that the content of an RFC is being
		described, not the RFC document itself, may we rephrase these instances? An
		example from Section 1 can be seen here:

		Original:
		However, subsequent methods have been developed to address
		[RFC7050] limitations.

		Perhaps:
		However, subsequent methods have been developed to address
		the limitations of the mechanism described in [RFC7050].
		-->

		<!-- [rfced] Please review the "Inclusive Language" portion of the online
		Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
		and let us know if any changes are needed. Updates of this nature typically
		result in more precise language, which is helpful for readers.

		Note that our script did not flag any words in particular, but this should
		still be reviewed as a best practice.
	-->	-->

	</rfc>	</rfc>

End of changes. 47 change blocks.
	714 lines changed or deleted	367 lines changed or added
This html diff was produced by rfcdiff 1.48.