If he's receiving something very large, I would expect (from
netiquette) that large thing to have a very small distribution
list. In that case, the recipients are known and presumably their
performance preferences are also.
I think your last sentence crosses an important threshold and may have
fairly bad consequences. It's indeed true that I can't send
*anything* to you that's encrypted unless I know important things
about you, viz your public key and your e-mail address. However, I
don't feel at all comfortable suggesting that I need to know whether
you can handle EDE3 as easily as EDE2. This means I have to build up
and maintain this extra piece of information, and there's no good
infrastructure for doing so.
Further, the vast majority of people are not in a position to know
whether EDE2 is good enough. I think it's our responsibility to say
something useful in this arena. If EDE2 is good enough, then we ought
not be shy about using it. If EDE2 is not good enough, then we ought
not promote it.
Steve