Actually the rfc specifies that keys 512 to 2048 bits must be verified so I think there is a grey area and there is this long-lived key caveat as well.
I think if we can make a rule that fires on <1024 bits it's would be good. The score may not be much but it could be helpful. Regards, KAM On January 12, 2015 8:06:00 AM EST, Mark Martinec >It would be wrong to assign score to short keys.
