Normally, a content creator is in the best position to know how strong the protective signing ought to be on their content. Thus, a content creator can choose weak or strong cryptography, and a content consumer would normally accept that. There MAY be applications where the content consumer chooses to reject weak cryptography, but that is not envisioned as the common use case.