I downloaded this so-called "report". It doesn't even mentions PGP. Gotta wonder why the 007 wannabe "experts" and the Big Business (BSA) want you to only use 90 bits for your keys and why they've never heard of PGP...
Anyone who listens to crypto advice from people who's purpose in life is to listen to *YOU* gets what they deserve. I'll stay with PGP which has a 2048 bit key.
The group of 7 in question are definitely not `wannabes'. They are about as knowledgeable a group as you could find outside of the NSA. The report discussed the length of key needed for *symmetric* crytosystems. As this pertains to PGP, it uses a 128 bit session key for the IDEA symmetric algorithm. Not 2048. Their recommendation was for a *minimum* of 90 bit keys for data that must remain private for any length of time. Given the calculations they stated, this seems reasonable. Richard Coleman coleman@math.gatech.edu