AES, like SHA-x, has been designed as a backdoor - and that's what this report acknowledges: the value of a long-lasting backdoor.

It lasted long, not much because it's so solid but rather because the "trusted" crypto community, like academia, is controlled via DoD contracts and grants.

Yet, these good times are over because many State-nations have realized how much their blind trust in the US has been costing them.

In 2015, Admiral Rogers explained that "shady backdoors" should be replaced by a (necessarily unbreakable*) "frontdoor" to restore trust in an international framework.

(*) something well-documented by decade-old public-sources that Bruce nevertheless persists to call "Snake Oil" in a conference where the Head of NSA and US CyberCommand feels the need to say that "we lie when we claim it's impossible to make a frontdoor".

As the US "free and open markets" decided otherwise, the window of opportunity has been lost by the US NIST and its private-sector partners.

It was not meant to be that bad. The involved people are entirely responsible for this "Cyber market failure" (an expression coined by The Economist) and their lack of the most basic honesty towards their own Nation is the only thing to blame.

The "one true cipher suite" fait accompli was in a a certain sense a suspect goal of the AES challenge, and while I am a firm believer in choices and alternatives rather than one and only one "my way or the highway," a lot of good alternative ciphers did come out of the AES process, which were not otherwise forthcoming to the public domain.

The other four finalists in the AES competition, Twofish, MARS, Serpent, and RC6, (other than the winner, Rijndael,) are all excellent choices, well documented and publicly peer reviewed.

There are settings on, say, web browser or server software (or other SSL or TLS enabled applications) to enable or prefer certain ciphers other than AES, or even refuse service to AES-only clients depending on the situation. If you don't "like" AES.