Sorry, I don't follow you. CTR has 3 inputs: the messge, the key, and the nonce/IV. Are you calling the nonce a key? It doesn't make sense to me, because the nonce is public, a key is not.
I understand that not reusing keys and using the same nonce can be secure, but it is impractical.
I agree that proofs may be not enough, but they don't hurt, either. If a have a choice between something proven secure and something that is probably secure, but may be not, it's a clear choice to me.
If the protocols you've seen are a mess, then it's the protocols fault, not of the technique.