The documentation now contains a NTPHonorCipherOrder option, so this is
not TBD.

The TLS 1.2 "ciphers" vs. TLS 1.3 "ciphersuites" thing is specific to
TLS.  It does not apply to AEAD.  AFAIK, there is no built-in support
for AEAD cipher strings anyway.

NTPHonorCipherOrder controls the negotiation of the AEAD cipher which is
used for NTP traffic.  The cipher used for the cookie is entirely
separate and at the whim of the server.

If the user specifies a NTPCipherSuite string, they need to include
AEAD_AES_SIV_CMAC_256 if they want it.  Otherwise, if it is implicit,
as the document previous said, this would preclude the user from
disabling AEAD_AES_SIV_CMAC_256 in the future, should that become
necessary.