The key size warning

Robert J. Hansen rjhansen@inav.net
Tue Mar 26 09:36:02 2002


> I have to disagree with you, Werner. The current warning appears to
> discourage users from generating 2048 bit and greater keys. There's really
> no necessity for doing so.

I'm with Len on this one.  Frankly, given that generating and using
2048-bit keys on modern hardware is no more taxing than generating and
using 1024-bit keys five years ago, I think it's entirely appropriate to
change the default keysize as a way of buying us a little extra security
from any further unexpected surprises.

> I also think that 768 bit keys shouldn't be permitted to be generated.

Here I disagree--it's possible that there are circumstances or
conditions in which moving up to 2k keys is not possible.  One company I
worked at had code which was hardcoded to require 768-bit keys.  There
are legacy and just plain badly-designed systems out there, and we
should permit keys to be generated which will interoperate with them.

768-bit keys should, IMO, flag a warning about "This key is far below
the recommended keysize".  But that's it.
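To make the proposed behaviour concrete, here is an added example (it is not code from the thread or from GnuPG) that audits an existing keyring for undersized keys and applies the tiered policy argued for above: 2048 bits and up is fine, 1024 gets a warning, 768 is tolerated with the loud "far below the recommended keysize" warning, and anything smaller is refused. It assumes GnuPG's machine-readable `gpg --list-keys --with-colons` output, where the colon-separated fields of a `pub`/`sub` record are record type, validity, key length in bits, public-key algorithm number, key ID and creation time. The thresholds are the thread's proposal, not GnuPG's defaults, and the sample listing is constructed for the example.

```python
"""Audit a GnuPG colon-format key listing against a key-size policy.

Added example, not part of the original message. Field layout assumed
from `gpg --list-keys --with-colons`:
  field 1 record type (pub/sub/uid/...), 2 validity, 3 key length,
  4 public-key algorithm (1 = RSA, 16 = ElGamal, 17 = DSA),
  5 key ID, 6 creation time.
The thresholds below are the policy proposed in the thread.
"""
from dataclasses import dataclass
from typing import List

RECOMMENDED_BITS = 2048   # proposed new default
MINIMUM_BITS = 768        # legacy floor the thread wants to keep allowing

ALGO_NAMES = {1: "RSA", 16: "ELG", 17: "DSA"}

# Constructed sample listing: one modern RSA key with an encryption
# subkey, an older DSA/ElGamal pair with a 768-bit subkey, and a
# 512-bit RSA key that should be refused outright.
SAMPLE_LISTING = """\
tru::1:1016000000:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAAA:1016000000:::u:::scESC:
uid:u::::1016000000::0000000000000000000000000000000000000000::Alice <alice@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1016000000::::::e:
pub:u:1024:17:CCCCCCCCCCCCCCCC:1000000000:::u:::scaSCA:
sub:u:768:16:DDDDDDDDDDDDDDDD:1000000000::::::e:
pub:u:512:1:EEEEEEEEEEEEEEEE:900000000:::u:::scESC:
"""


@dataclass
class Finding:
    keyid: str
    record: str    # "pub" or "sub"
    algo: str
    bits: int
    verdict: str   # "ok", "warn", "far-below" or "reject"


def assess_key_size(bits: int) -> str:
    """Map a key length to the verdict the warning logic should produce."""
    if bits >= RECOMMENDED_BITS:
        return "ok"
    if bits >= 1024:
        return "warn"        # below the proposed default, still common
    if bits >= MINIMUM_BITS:
        return "far-below"   # permitted for legacy interop, loud warning
    return "reject"          # below the legacy floor: refuse to generate/use


def warning_text(finding: Finding) -> str:
    """Human-readable message for one finding, in the thread's wording."""
    who = f"{finding.record} {finding.algo}-{finding.bits} {finding.keyid}"
    if finding.verdict == "ok":
        return f"{who}: ok"
    if finding.verdict == "warn":
        return f"{who}: below the recommended keysize ({RECOMMENDED_BITS})"
    if finding.verdict == "far-below":
        return f"{who}: This key is far below the recommended keysize"
    return f"{who}: smaller than {MINIMUM_BITS} bits, not permitted"


def audit_listing(colons_output: str) -> List[Finding]:
    """Parse pub/sub records from a --with-colons listing and grade each."""
    findings: List[Finding] = []
    for line in colons_output.splitlines():
        fields = line.split(":")
        if len(fields) < 6 or fields[0] not in ("pub", "sub"):
            continue
        try:
            bits = int(fields[2])
            algo_id = int(fields[3])
        except ValueError:
            continue   # malformed record: skip rather than guess
        findings.append(Finding(
            keyid=fields[4],
            record=fields[0],
            algo=ALGO_NAMES.get(algo_id, f"algo{algo_id}"),
            bits=bits,
            verdict=assess_key_size(bits),
        ))
    return findings


if __name__ == "__main__":
    for f in audit_listing(SAMPLE_LISTING):
        print(warning_text(f))
```

Run against a real keyring with `gpg --list-keys --with-colons | python3 audit.py` after swapping `SAMPLE_LISTING` for `sys.stdin.read()`; subkeys are graded separately because a strong primary key with a 768-bit encryption subkey is exactly the legacy case the thread wants flagged but not blocked.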