RFE: Support for AES-SIV (RFC 5297)
The upcoming Network Time Security [1] standard will probably use AES-SIV (RFC 5297) for authenticating NTP packets. Currently, it doesn't seem to be supported in the most popular crypto libraries. There is an implementation using OpenSSL [2].
Please consider adding AES-SIV support to gnutls, either directly, or via nettle (which already supports CMAC). It will allow NTP implementations to support NTS.
[1] https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp