Taking all these factors into consideration, I would suggest that the *minimum* size of the RSA modulus available for PGP is 1024 bits with a minimum ceiling of 2048 bits (or even more). If for performance reasons on certain platforms 1024 is deemed impossibly slow, then a lesser number of bits ought to be permitted *provided* that the security level for any key length under, say, 768 bits is clearly labeled "TOY GRADE".
While I agree that keys of greater lengths ought to be made available for those fortunate enough to possess platforms powerful enough to use them, your choice of words--'TOY GRADE'--is, perhaps, unfortunate. Every user of PGP has different reasons for needing/wanting encryption, & not all users need the sort of protection that can withstand a determined attack mustered by cryptographic experts. Some users, frankly, just don't like people snooping into their private mail, & therefore use PGP encryption as an 'envelope'. Sure, the 'envelope' can be 'steamed open', but it's not likely to be worth the trouble if you have no major secrets to conceal...