In ASYM_ENCRYPT, when a new member joins, it sends a JOIN-REQ to the coordinator (unencrypted, as it does not yet have the secret key).
The coordinator skips decryption, creates a JOIN-RSP, and sends it to the joiner unencrypted. The reason is that the joiner doesn't yet have the secret key, so it couldn't possibly decrypt the JOIN-RSP and install the view.
(This is btw not a security issue as subsequent messages are encrypted and a rogue member would not be able to decrypt them. However, a rogue member would be able to join the cluster.
To prevent this, the JOIN-RSP sent by the coordinator to the joiner will be encrypted. The joiner will not be able to decrypt it and simply drops it, but it also asks the keyserver (coord) for the secret key. Once the secret key has been received, the (retransmitted) JOIN-RSP will be received, decrypted with the received secret key and the view can be installed.