I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes "Geneve," a protocol for GEneric NEtwork Virtualization Encapsulation. The document is written in a clear manner and with a thorough Security Considerations section. I have just a few questions/comments:

- Section 3.4: The "MUST ignore" for the reserved bits should presumably state "SHALL be ignored for this version of the Geneve protocol." - as I imagine that in a future version, these bits may not be ignored?

- Section 3.5.1: I wonder about the simultaneous requirement that one option must not affect the parsing or interpretation of another option but that the sequencing (order) of options may be significant - they seem to be contradictory since if the sequencing *is* significant, then some option must be impacted by a previous one's value? From a security perspective, I also wonder if there could be security consequences of re-ordering options (and how to tell if someone did re-order - see below)?

- Section 6.2: shouldn't such an Option be defined to reduce the risk of under-specified or subpar specifications of such integrity mechanisms? Or also from an interop perspective?

Thanks.

-- Magnus