There is a third major challenge to dual-stack that isn't addressed in the document: differing network security models that must deliver the same result for the same collection of hosts regardless of whether Ipv4 or v6 is selected. I can throw a COTS d-link box with address-overloaded NAT on a connection and have reasonably effective network security and anonymity in IPv4. Achieving comparable results in the IPv6 portion of the dual stack on each of those hosts is complicated at best.
Actually, it isn't particularly hard at all... Turn on privacy addressing on each of the hosts (if it isn't on by default) and then put a linux firewall in front of them with a relatively simple ip6tables configuration for outbound only. (The linux firewall could be as simple as a WRT-54G running dd-wrt or such). Owen