The specification allows the encryption and integrity options to be enabled independently. This increases system complexity. The design goals may therefore need an explanation, as the encryption and integrity options probably could have been implemented as one option.
Keeping encryption and integrity as separate options, allow users to have confidentiality, without the inherent overhead of enabling integrity checks. It also makes it possible to use the integrity option in countries where there are restrictions on the use of encryption (e.g. France and Russia).
The encryption and integrity specifications also provide option-codes for disabling the options once they have been enabled. This also increases complexity, and it demands that the parties always remember to switch encryption back on when required. It is therefore not recommended that a human client is given the choice to turn encryption off. On the other hand, a computer program client, can use this choice to save processor time. A computer program will never ``forget'' to switch encryption on when needed.