This is more of a question to the WG. I'll make a formal change
suggestion if the folks here think it is warranted.
2440 came out in 1998, and included some general recommendations as to
minimum key size: 768 bits for all of DSA, RSA, and Elgamal. Today, 6
years later, I doubt these values would be used, even as minimums.
My intent is not to get into a discussion as to algorithm strength,
and the best key length to use, etc, but to ask if *any* static
recommendations as to key length are useful. I expect the new RFC
will be around for a good long time, and over that lifespan, the state
of the art in attacks will undoubtedly improve.
The draft already contains a note in the security considerations
section reminding people to check the current literature for recent
algorithm news. Perhaps that is sufficient.
David