With respect to the RSA "rejection," I would add the impracticality in hindsight is known to be, why the hell would you want pretty good signatures on your email? A few moments thought, provides examples where one would rather that the bits at the end were not present.
Note that PKI offers two independent options:
- Encryption, by any entity (repudiable) against a well-known public key.
- Authentication, by a single entity (non-repudiable), using a secret private key.
I get the impression you're trying to say that there are times when a person would want some reasonably plausible claim at repudiation. THis is also available, and can benefit from PKI as well.
With respect to the RSA "rejection," I would add the impracticality in hindsight is known to be, why the hell would you want pretty good signatures on your email? A few moments thought, provides examples where one would rather that the bits at the end were not present.