The MUST is that if you use RSA, the key length is >= 2048 bits. The protocol supports any public key encryption scheme, and ECDH is listed as an option as well. Similarly, AES-CBC+HMAC-SHA is one possible authenticated encryption scheme. The others you mention would work just fine as well.
Changing the crypto algorithms wouldn't make the protocol much simpler, IMO. If you have suggestions for simplifications (while preserving ANTP's security) I'd like to hear them. Simplicity was one of our design goals, and when compared to the other options referenced in the paper, I think we succeeded.
In response to Sami's comments on ANTP:
The MUST is that if you use RSA, the key length is >= 2048 bits. The protocol supports any public key encryption scheme, and ECDH is listed as an option as well. Similarly, AES-CBC+HMAC-SHA is one possible authenticated encryption scheme. The others you mention would work just fine as well.
Changing the crypto algorithms wouldn't make the protocol much simpler, IMO. If you have suggestions for simplifications (while preserving ANTP's security) I'd like to hear them. Simplicity was one of our design goals, and when compared to the other options referenced in the paper, I think we succeeded.