I agree. I remember wondering if dropping support for symmetric encryption
was going to be a problem, but couldn't come up with a reasonable reason to
keep it (aside from esthetics :)).
[...]
There turns out to be a few classes of organization for which key management
via public key certificates is unattractive. Some simply don't want to
bother, and are satisfied with manually managing encryption keys or pass
phrases for particular channels. Some already have a security policy which
handles symmetric keys but not public key certificates. At least one
potential customer wants encryption, out of band key management, and
repudiability. This last one is hard to do with certificates :).
There are two other reasons for using symmetric encryption (or at least not
using public-key encryption):
1. The need to run encryption on slow, old iron. At the moment it looks like
medical information for doctors in NZ will be encrypted using shared
symmetric keys, since a great many doctors are still using '286's (if that)
and don't want to wait several minutes longer than it already takes to
perform a transaction against remote medical information databases.
2. Marketing. This is a stupid reason, but a valid one. You can sell someone
a cheap symmetric-key based system and then spend a lot of effort telling
them how much better this not-so-cheap PKC-based system is. In some
cases this seems to be the only way to bootstrap people into using (or,
more specifically, paying to use) any form of advanced crypto security.
Peter.