NSA+Huawei

A joint contribution by the NSA and Huawei just removed the AES-SIV mode of operation from IEEE 802.11: https://mentor.ieee.org/802.11/dcn/14/11-14-0414-00-00ai-resolution-to-open-... Very strange bedfellows. AES-SIV was being proposed in the draft for a key wrap application. AES-CCM is now the only alternative … SIV is increasingly my favorite AEAD mode. It is more efficient over-the wire than CCM or GCM and is 'nonce safe’. Is anyone using or considering ChaCha-SIV? Nonce-safe is a very nice property - particularly for multicast applications.