v Mobile IPv6 Issue List Mobile IPv6 Issue List

The following table gives a list of known issues that wait resolution in MIPv6. The Draft field tells which draft version contains the solution, and the Status field tells the current situation as follows: "Open" means that the issue is still open. "Adopted" means that a consensus of the resolution has been found. "Rejected" means that there is consensus that nothing should be done. New issues can be submitted by sending e-mail to the list.

A color coding scheme has been applied to help find the open issues. Solved issues (Adopted or Rejected), with modifications applied to the draft, are shown in green. Other solved issues are shown in black. Unsolved issues, or issues lacking text are shown in red. Issue statistics are tracked on the statistics page. Warning: e-mail sent to the list or to me personally on MIPv6 may be included in the issue descriptions either as such, in an edited form for clarity, or be omitted. Correctness of the issue files is not guaranteed, and comments may be attributed to wrong persons.

The most recent versions of the drafts can be found from the drafts page.

#  Status    Text Draft  What                                   

334 Adopted  Yes  -      Brian's editorial issues
333 Adopted  Yes  Rep    Soohong's nit on 8.2
332 Adopted  Yes  -      Section 11.7.1 should not indicate HAO is optional
331 Adopted  Yes  Rep    Hesham's on-link care-of address clarification
330 Adopted  Yes  Rep    Frank Quick's IKE phase etc clarifications
329 Adopted  Yes  Rep    Three/two rules in 10.3.1
328 Adopted  Yes  Rep    Token/nonce terminology in 9.4.4
327 Adopt?   Yes  -      Connecthathon issues
326 Adopted  Yes  Rep    Section 9.3.2 typo
325 Adopted  Yes  Rep    BRR directly to the home address without RH?
324 Adopted  Yes  Rep/Op Refresh interval is not absolute time
323 Adopted  Yes  Rep    Not really silent discard if you send MPS
322 Adopted  Yes  RFC    Typos reported by Jee
321 Adopted  Yes  Rep    Typo reported by Jinmei
320 Adopted  Yes  Rep    IANA and Status Codes

(Drafts 24 and 06 posted)

319 Adopted  Yes  06     Current ha-ipsec IKE variant too complicated
318 Rejected Yes  23     Do PD before re-registration
317 Adopted  Yes  24     Typo in 6.8
316 Adopted  Yes  24     Not home link error check no longer needs to track RAs

(Draft 23 posted for third IESG consideration)

315 Adopted  Yes  23     BE text clarification
314 Rejected Yes  22     2nd IESG review: HMAC fields need an identifier?
313 Adopted  Yes  23     2nd IESG review: manual/automatic key management
312 Rejected Yes  05     2nd IESG review: Steven worries about the API requirement
311 Adopted  Yes  06     2nd IESG review: Resolving Russ' replay protection comments
310 Adopted  Yes  23     K=0 or 1 for manual keying?
309 Rejected Yes  05     Home agent side IKE policy match decision
308 Adopted  Yes  23     Avoid router lifetime going under a second

(Drafts 22 and 05 posted for second IESG consideration)

307 Rejected Yes  05     Santeri's complaint of BITS problems
306 Adopted  Yes  05     Francis' review of ha-ipsec
305 Rejected Yes  21     Do not understand IKE identity payload requirement
304 Rejected Yes  21     Use home address as IKE address
303 Rejected Yes  21     Relax rules to allow VPN gateways to secure BUs
302 Adopted  Yes  22     Keep Section 7.6 (DAD Collisions) in the document?
301 Adopted  Yes  22     Logging observed prefix difference text is unclear
300 Rejected Yes  21     HOT, COT attack when both nodes are mobile
299 Rejected Yes  21     IESG review: combine multicast router discovery and mipv6 ND options
298 Adopted  Yes  22     IESG review: security - other issues beyond IKE keyword
297 Adopted  Yes  22     IESG review: Movement detection and and router reachability
296 Adopted  Yes  05     IESG review: Russ Housley's comments on ha-ipsec
295 Rejected Yes  05     IESG review: Randy asks about doc length, discovery, virtual home nets
294 Rejected Yes  22     IESG review: Steven Bellovin's comments ha-ipsec
293 Adopted  Yes  22     Align BAD calculation rules in Sections 5 and 6.2.7
292 Adopted  Yes  05     Stephen Kent's comments on ha-ipsec
291 Rejected Yes  21     IESG review: take in account the site-local decisions from IPv6?
290 Adopted  Yes  22     IESG review: base nits from Erik Nordmark
289 Adopted  Yes  22     IESG review: additional base comments from Erik Nordmark
288 Adopted  Yes  22     IESG review: base comments from Russ Housley
287 Adopted  Yes  05     IESG review: ha-ipsec-04.txt
286 Rejected Yes  21     Replace HAO, RH2 with tunnels
285 Rejected Yes  04     Path MTU discovery and per-interface SPD entries
284 Adopted  Yes  05     Bernard Aboba's comments on ha-ipsec-04
283 Adopted  Yes  22     Questionable mobile node requirement
282 Adopted  Yes  22     IESG review: security - IKE keyword part
281 Adopted  Yes  22     IESG review: technical
280 Adopted  Yes  22     IESG review: editorial
279 Adopted  Yes  22     Connecthathon: NS source from HA during de-registration
278 Adopted  Yes  22     Connecthathon: Movement detection and same link-local addresses on different routers
277 Adopted  Yes  22     Connecthathon: Should CN respond to BUs with H=1?
276 Adopted  Yes  22     Connecthathon: Sequence number example wrong
275 Rejected Yes  22     Connecthathon: Should HA respond to NS with source=registered home address?
274 Adopted  Yes  22     Connecthathon: Send ICMPv6 Param Problem and MH BE without BCE lookup
273 Adopted  Yes  22     Connecthathon: Can HA be a CN simultaneously?
272 Rejected Yes  22     Instructions for treating MPSes from home link
271 Rejected Yes  04     IKE Main mode DoS problem
270 Adopted  Yes  04     On-the-wire format error with alt-coa in ha-ipsec
269 Adopted  Yes  22     Clarify that destination's BCE should not be used for HOTI
268 Adopted  Yes  22     Looping BCE entries
267 Adopted  Yes  22     Additional editorial issues from Ed, Bryan, Greg

(Drafts 21 and 03 posted, IESG review and IETF Last Call started on Feb 26th)

266 Adopted  Yes  21     Editorial issues from Ed Remmell
265 Adopted  Yes  04     No IANA considerations in ha-ipsec?
264 Adopted  Yes  21     Editorial in 10.3.1
263 Rejected Yes  20     Adopt a single tunnel SA pair scheme
262 Adopted  Yes  21     Editorial on reasons of rejected BUs
261 Rejected Yes  20     Make CN binding procedure more optimistic
260 Adopted  Yes  21     Nits on CN binding procedure
259 Rejected Yes  20     Should not expose router's address with R bit
258 Adopted  Yes  21     Remove configurability of site-local forwarding
257 Rejected Yes  20     Split the doc
256 Adopted  Yes  21     Infinite lifetime considered harmful (reopening 172)
255 Adopted  Yes  21     How to respond to a home registration with a BAD (reopening 177)
254 Rejected Yes  20     Require MN to initiate IKE after movements
253 Adopted  Yes  21     B.2 HAO dangers vs. current 9.3.1 IPsec rule
252 Rejected Yes  20     BA DAD failure should not disable address forever
251 Adopted  Yes  21     Confusing HAO rule in 11.7.2
250 Adopted  Yes  21     Disallow BCE creation from all ICMPs or ICMP errors?
249 Adopted  Yes  21     (AD) IPsec HA-MN document nits
248 Adopted  Yes  21     More instructions needed for setting L=0
247 Rejected Yes  20     Rate limitation too severe when multiple HoAs
246 Adopted  Yes  21     Check H bit when verifying on-link address?
245 Adopted  Yes  21     Prefix fetching intervals not defined
244 Adopted  Yes  21     Clarify de-reg sender sets both life=0 and coa=hoa
243 Adopted  Yes  21     Renewing registrations when lifetime approaches zero (reopening 179)
242 Adopted  Yes  21     Avoid "forwarding to tunnel" terminology for MLD
241 Adopted  Yes  21     Editorial and semi-editorial issues from Pekka Savola
240 Rejected Yes  20     Remove randomization of DHAAD
239 Adopted  Yes  21     Better justification why DHAAD doesn't need security
238 Rejected Yes  20     Send BAs via home to avoid special case
237 Adopted  Yes  21     Avoid keywords in mandating RO usage
236 Adopted  Yes  21     Appliances that don't have config knobs
235 Adopted  Yes  21     What if prefixlen != 64 and DHAAD is used?
234 Adopted  Yes  21     Roadmap of different coa usage scenarios needed
233 Adopted  Yes  21     160 vs. 128 bit entropies in RR
232 Rejected Yes  20     DHAAD is feeping creaturism?
231 Adopted  Yes  21     Prefix discovery changes needed due to S=0 removal?
230 Adopted  Yes  21     DAD delay text suggestion (reopening issue 154)
229 Adopted  Yes  21     Deregistration keygen token text clarification
228 Adopted  Yes  21     Allow tunnel mode IPsec too in ha-ipsec-02
227 Adopted  Yes  21     SHOULD for processing BRRs (reopening issue 210)
226 Rejected Yes  20     Reserved field settings nit
225 Adopted  Yes  21     Issue 190 resolution missed from draft 20
224 Rejected Yes  20     Gratuitous NA for link locals?
223 Adopted  Yes  21     Proxy ND and source address
222 Rejected Yes  20     De-registration from foreign link
221 Adopted  Yes  21     MAY vs may in RR token reuse
220 Adopted  Yes  21     BAD alignment vs. requirement to be at the end
219 Adopted  Yes  21     Nested encapsulation and other IPsec comments
218 Adopted  Yes  21     HA LLA discovery when returning home
217 Adopted  Yes  21     Type 0 and type 2 routing header nit

(Drafts 20 and 02 posted, IETF Last Call started on Jan 23rd)

216 Adopted  Yes  20     IPsec processing steps and HAO acceptance test
215 Adopted  Yes  20     Mobile node vs. mobile node and RO destination
214 Adopted  Yes  20     Zero vs. one minimum limit of options
213 Adopted  Yes  20     BAD alignment = 8n+2 or not?
212 Adopted  Yes  20     Make default address selection draft reference non-normative
211 Adopted  Yes  20     Routing header type 0 and 2 interworking
210 Adopted  Yes  20     Movement-related nits from Vijay Devarapalli
209 Rejected Yes  20     Problem with site-local and global prefixes
208 Adopted  Yes  20     Editorial nits from Vijay Devarapalli
207 Adopted  Yes  20     AI option not be included in MPAs
206 Adopted  Yes  20     Clarify "run MLD"
205 Adopted  Yes  20     Special case tunnel forwarding text problem
204 Adopted  Yes  20     Editorial nits from Gabriel Montenegro
203 Adopted  Yes  20     Editorial issues from Ed Remmell
202 Adopted  Yes  20     S=0 and authz check
201 Adopted  Yes  20     SPD entry problems from Greg O'Shea
200 Adopted  Yes  20     Use the mobility option #2
199 Adopted  Yes  20     Keygen token vs. nonce term
198 Rejected Yes  20     Use virtual interface to simplify MIPv6
197 Adopted  Yes  20     Remote home address discovery (B.5)
196 Adopted  Yes  20     BU rate limitation and fast handovers
195 Adopted  Yes  20     MN-HA IPsec: more details on IKE processing
194 Adopted  Yes  20     MN-HA IPsec: more details for tunnel end-point changes
193 Rejected Yes  20     MN-HA IPsec: optimized vs. simple format
192 Rejected Yes  20     MN-HA IPsec: authorization in SPD or MIPv6?
191 Adopted  Yes  20     Home Address option format and alignment
190 Adopted  Yes  20     MUST report with BE if no BCE
189 Adopted  Yes  20     Results of the security review
188 Rejected Yes  20     L bit problems
187 Rejected Yes  20     Remove random order required for DHAAD replies
186 Adopted  Yes  20     Batching of deletes and nonce indices
185 Adopted  Yes  20     Nonce indices option text improvements
184 Adopted  Yes  20     S bit unclarities
183 Adopted  Yes  20     (AD small issues) Back-off retransmission for MPS
182 Adopted  Yes  20     (AD small issues) Configured care-of addresses
181 Adopted  Yes  20     (AD small issues) Basing retranmission on DupAddrDetectTranmits of the home link
180 Rejected Yes  20     (AD small issues) Marking nodes that don't support HAO
179 Adopted  Yes  20     (AD small issues) Prefix distribution and DHAAD problems
178 Adopted  Yes  20     (AD small issues) MUST vs. SHOULD stop BRRs when BU arrives
177 Adopted  Yes  20     (AD small issues) ICMP error vs. silently drop
176 Adopted  Yes  20     (AD small issues) HAO accessible for upper layers
175 Rejected Yes  20     (AD small issues) Mobility option type range split
174 Rejected Yes  20     (AD small issues) Infinite lifetime
173 Rejected Yes  20     Length field to DHAAD reply
172 Adopted  Yes  20     Infinite lifetime and MN forgets its binding and HA
171 Adopted  Yes  20     Allow BRR from HA
170 Adopted  Yes  20     Sloppiness about overlapping coverage areas
169 Adopted  Yes  20     De-reg and failure fix
168 Rejected Yes  20     L bit is not worth the trouble
167 Adopted  Yes  20     MLD source on foreign link
166 Adopted  Yes  20     Allow DHAAD in home
165 Adopted  Yes  20     HA address in DHAAD response always
164 Adopted  Yes  20     Sequence number update / authorization order
163 Adopted  Yes  20     (AD) Run MLD
162 Adopted  Yes  20     (AD) Site-local issues
161 Adopted  Yes  20     (AD) MIPv6 and DHCP
160 Adopted  Yes  20     (AD) HA discovery single address woes
159 Adopted  Yes  20     (AD) D bit semantics
158 Adopted  Yes  20     (AD) When to start RO
157 Adopted  Yes  20     (AD) Address collision action
156 Adopted  Yes  20     (AD) Conflicts with ND specifications
155 Adopted  Yes  20     (AD) Editorial comments
154 Adopted  Yes  20     (AD) ND constants

(Draft 19 submitted to AD Review on October 30th, 2002)

153 Adopted  Yes  19     Authenticate insufficient resources -status?
152 Adopted  Yes  19     Preferred vs. valid lifetimes
151 Adopted  Yes  19     MH Type unknown and bad source address
150 Adopted  Yes  19     De-reg and failure
149 Adopted  Yes  19     Separate authorization away from home agent ipsec
148 Adopted  Yes  19     Requirements section nits and missed requirements
147 Adopted  Yes  19     Inconsistent RA and prefix rules
146 Rejected Yes  19     Preconfigured Kbm for CN BUs
145 Adopted  Yes  19     Multiple tries to different HAs and DAD
144 Adopted  Yes  19     BU or MPS as an ack of unsolicited MPAs?
143 Rejected Yes  19     BU auth method type needed?
142 Adopted  Yes  19     Sending BA errors conflict 9.4.1/9.4.4
141 Adopted  Yes  19     MPA, MPS security requirement
140 Adopted  Yes  19     Checksum or BAD calculated first?
139 Adopted  Yes  19     9.4.1 and 11.7.2 text in conflict about HAO in CN BUs
138 Adopted  Yes  19     Where to store COT cookies, in Binding List?
137 Adopted  Yes  19     Conflicts between Sections 5.2.6 and 11
136 Adopted  Yes  19     Rate limiting for RR not necessary
135 Rejected Yes  19     Use BAD optionally also for home registrations
134 Rejected Yes  19     Some (R) bits on and some off is legal?
133 Adopted  Yes  19     Clarify "correspondent node address" and "BU" for BAD calculation
132 Rejected Yes  19     Refer to draft-mkhalil-ipv6-fastra-02.txt
131 Adopted  Yes  19     No need to change nonce/Kcn if not used
130 Adopted  Yes  19     Mauro Tortonesi's editorial comments
129 Rejected Yes  19     New status code for administrative disable of RO?
128 Adopted  Yes  19     More editorial comments from Vesa-Matti Mantyla
127 Adopted  Yes  19     When can RR start, after home BU or BA?
126 Adopted  Yes  19     Rate limiting vs. exponential back-off
125 Adopted  Yes  19     RH processing order inconsistency
124 Adopted  Yes  19     MPA security resolution isn't in draft 18
123 Adopted  Yes  19     Need DHAAD and MPS/MPA security story in Sect.14
122 Adopted  Yes  19     More editorial comments from Vesa-Matti Mantyla
121 Adopted  Yes  19     Remove UID?
120 Adopted  Yes  19     Unclear issues in MPA
119 Adopted  Yes  19     Why is Kbu length 16 bytes?
118 Adopted  Yes  19     Both cookies expired -status code
117 Adopted  Yes  19     Home cookie enough for de-reg?
116 Adopted  Yes  19     BRR response when deleting BCE: lifetime or home address?
115 Adopted  Yes  19     Make BAD the last option
114 Adopted  Yes  19     What to do if HOTI/COTI tests fail? Discard?
113 Adopted  Yes  19     Nonce indices support MUST?
112 Adopted  Yes  19     Editorial comments from Vesa-Matti Mantyla
111 Adopted  Yes  19     MH is upper-layer protocol when calculating pseudo-headers?
110 Rejected Yes  19     Specify order for mobility options?
109 Adopted  Yes  19     RH0 forbidden or allowed?
108 Adopted  Yes  19     Home bindings when L=0
107 Adopted  Yes  19     MPA editorial issues
106 Adopted  Yes  19     Unclear authenticator coverage part
105 Adopted  Yes  19     State machine problem, missing Start RR
104 Adopted  Yes  19     6.2.7 claims only BUs have BADs
103 Adopted  Yes  19     Cookie lifetime clarifications needed
102 Adopted  Yes  19     Clarifications for Section 5
101 Adopted  Yes  19     Missing requirements in Section 8
100 Adopted  Yes  19     Editorial review comments from Samita Chakrabarti
99  Adopted  Yes  19     Authenticate BAs where status=137-139?
98  Adopted  Yes  19     Concatenate 0/1 before making a cookie?
97  Adopted  Yes  19     Binding Refresh Advice type number wrong
96  Adopted  Yes  19     Do new MNs get new nonces or not?
95  Adopted  Yes  19     Unclear references to RH (type 0 or 2)
94  Adopted  Yes  19     Unclear text about "address suitable for RH"
93  Adopted  Yes  19     MH length to include first 8 bytes or not?
92  Adopted  Yes  19     Reflection attack using BUs and BAs
91  Adopted  Yes  19     Status field value inconsistencies
90  Adopted  Yes  19     Clarify whether to use HAO or IPv6 Src for checksum
89  Adopted  Yes  19     Shorten MH Type field to 8 bits?
88  Adopted  Yes  19     Need to redefine MIN_DELAY_BETWEEN_RAS?
87  Adopted  Yes  19     BA length and padding wrong
86  Adopted  Yes  19     References to the refresh field still exist

(WG Last Call period terminated after this on July 16th, 2002)

85  Adopted  Yes  19     BE home address field rules unclear
84  Adopted  Yes  19     Typos in draft 18, from Brian Haley
83  Adopted  Yes  19     Clearing BC in a reboot vs. non-volatile memory
82  Adopted  Yes  19     Remove suggestions on when to do RR after BRR
81  Rejected Yes  19     Shorten mobile cookies to 32 bits and use padding
80  Rejected Yes  19     Please put back the R bit
79  Adopted  Yes  19     Too drastic collision action for link-local addresses
78  Adopted  Yes  19     HAO and ND traffic
77  Adopted  Yes  19     MH processing section (9.2.1) rewrite
76  Adopted  Yes  19     Keep appendix A (state machines) or not?
75  Rejected Yes  19     RS or NS for probing the router
74  Adopted  Yes  19     Using the CoA for some communications
73  Adopted  Yes  19     MaxRtAdvInterval and configuring advertisements off
72  Adopted  Yes  19     Forwarding from Previous Care of Address
71  Adopted  Yes  19     HA Service Discovery and MN Address Provisioning
70  Adopted  Yes  19     Is Alternate Care of Address needed?
69  Adopted  Yes  19     Security between the MN and HAa
68  Adopted  Yes  19     Security with CN needed for RO
67  Adopted  Yes  19     Miscellaneous editorial comments from Kevin Miles
66  Adopted  Yes  19     De-registration with S=0 semantics
65  Adopted  Yes  19     BA and RH usage descriptions inconsistent
64  Adopted  Yes  19     Editorial issues by Joe Lau
63  Adopted  Yes  19     Cover only basic multicast in base RFC, rest later
62  Adopted  Yes  19     Link-local CoAs and HoAs
61  Rejected Yes  19     Better justification for RR
60  Rejected Yes  19     Editorial comments from Subrata Goswami on reqs section, data structures
59  Adopted  Yes  19     Editorial suggestions from Kevin Miles
58  Adopted  Yes  19     BA/BU lifetime unit mismatch, and BA Status value mismatches
57  Adopted  Yes  19     Mike Roe's editorial comments
56  Adopted  Yes  19     DHAAD responses and bandwidth/own ip optimizations
55  Adopted  Yes  19     Editorial review comments by James Kempf
54  Adopted  Yes  19     Clarify that either IPsec or BCE is needed for HAO
53  Adopted  Yes  19     HAO keyword (reopening issue #45?)
52  Adopted  Yes  19     8.2 editorial problem

(WG Last Call period begins after this on July 1, 2002)

51  Adopted  Yes  18     Cookie lengths can be smaller?
50  Adopted  Yes  18     Lifetime issue from Hesham Soliman's comments
49  Adopted  Yes  18     New home addresses and SAs
48  Adopted  Yes  18     DAD and forwarding from a previous care-of address on the same link
47  Adopted  Yes  18     Cookie explanation editorial
46  Adopted  Yes  18     Compress Status code values for BA?
45  Adopted  Yes  17     HAO keyword same as for RO or MUST?
44  Adopted  Yes  18     Finding HA's link-layer address
43  Adopted  Yes  18     Is Refresh useful?
42  Adopted  Yes  18     {Min,Max}RtrAdvInterval
41  Adopted  Yes  18     Krishna Kumar's editorial comments
40  Adopted  Yes  18     Krishna Kumar's technical comments
39  Adopted  Yes  18     Should the HA defend the link local address of the MN?
38  Adopted  Yes  18     Is the 'S' bit needed?
37  Adopted  Yes  18     DAD rule in 10.2 for link-local only?
36  Adopted  Yes  18     Prefix sol/adv security
35  Adopted  Yes  18     Hesham Soliman's comments
34  Rejected Yes  18     CoA test also for home registrations?
33  Adopted  Yes  18     BE and lack of home address
32  Adopted  Yes  18     State machine simplification
31  Adopted  Yes  18     How to process HAO?
30  Rejected Yes  18     'S' bit and MN returning home; DAD problems (But see issue #38)
29  Adopted  Yes  18     Rate limitation of BE messages
28  Adopted  Yes  18     BRR effects on routing
27  Adopted  Yes  18     Should HAO be used in BUs to CNs?
26  Adopted  Yes  18     HOT path when the CN already has a BCE
25  Adopted  Yes  18     To use RH or not with BAs
24  Adopted  Yes  18     Option Length for PadN
23  Rejected Yes  18     S-bit and link-local address creation (But see issue #39)
22  Adopted  Yes  18     Route optimization SHOULD or MUST for CNs?
21  Adopted  Yes  17     Cookie lifetimes, one or MIN and a MAX?
20  Adopted  Yes  18     How to allow non-RR authorization?
19  Adopted  Yes  17     Editorial and technical suggestions from Samita Chakrabarti
18  Adopted  Yes  18     Prefix advertisement acknowledgement problem
17  Adopted  Yes  17     Editorial suggestions from Robert Chalmers
16  Adopted  Yes  17     Error message to give when receiving unrecognized MH Type
15  Adopted  Yes  17     Site local HoAs and tunnel protection
14  Adopted  Yes  17     Require encryption on HA-MN tunnel for MH messages?
13  Rejected Yes  18     Is the SPI field necessary? (But see a separate draft)
12  Adopted  Yes  18     State machines for CN/MN/HA behaviour
11  Adopted  Yes  18     Should HAO be used in home registrations?
10  Adopted  Yes  18     ESP vs. AH for home registrations
9   Adopted  Yes  17     Terminology (option, parameter, RR procedure, ...)
8   Rejected Yes  20     Bidding down protection
7   Adopted* Yes  17     MH formatting issues
6   Adopted  Yes  17     Reuse of nonces while moving fast
5   Adopted  Yes  17     Alternative-CoA usage rules
4   Adopted  Yes  17     Is BM authentication necessary?
3   Adopted  Yes  18     BA and BR authentication mechanism with a cookie exchange?
2   Adopted  Yes  17     NVM rules for replay protection of BUs to the HA
1   Adopted  Yes  17     Suboptions on HAO