From the mail discussion we had in December, it's pretty clear to me that
key sizes from 1024-2048 ought to be the MUST and other key sizes are MAY.
I'm suggesting the following text:
Key sizes from 1024 bits to 2048 buts MUST be supported. Keys sizes larger
than 2048 MAY be supported.
Should we put a MUST NOT or SHOULD NOT in for key sizes smaller than 1024?
I think we ought to be forgiving on receive. Thus, I suggest:
Message originators SHOULD NOT use key sizes smaller than 1024 bits
for private key operations.