NSA+Huawei

nymble nymble at gmail.com
Tue Mar 18 17:51:30 PDT 2014


A joint contribution by the NSA and Huawei just removed the AES-SIV mode of operation from IEEE 802.11:
     https://mentor.ieee.org/802.11/dcn/14/11-14-0414-00-00ai-resolution-to-open-security-comments-not-related-to-siv.docx

Very strange bedfellows. 

AES-SIV was being proposed in the draft for a key wrap application.  AES-CCM is now the only alternative … 

SIV is increasingly my favorite AEAD mode.  It is more efficient over the wire than CCM or GCM and is 'nonce safe'.

Is anyone using or considering ChaCha-SIV?   Nonce-safe is a very nice property - particularly for multicast applications.







