Comment 8 for bug 237391

Neal said: "I agree that using a longer default key length in RSA (and in DSA also) is a good idea at this point." I agree on RSA, but note that keys longer than 1024 bits are not permitted by the DSS. From past conversations with people who have better Real Cryptographer credentials than I, I understand that this is because there are other avenues of attack that do not scale with key size (at least not in the same way), so there's little point in longer keys.