It might be useful to limit the --min-rsa-length by a start date computed from the creation date of the key.
I see the use to have an option to have a stricter "min-rsa-length", and which will be useful even in the future e.g. for 4096.
But I think an additional date parameter there would overly complicate things. As for RSA-2048 deprecation with a start date by creation date, I think we can directly implement that when compliance de-vs is set and not depending on an option as I would see this as a hard compliance requirement.
It turned out that this does not make much sense.
Note that it is already possible to restrict the required RSA size in de-vs mode using the config file:
# From 2024-01-01 on we require at least rsa3000 [if $_epoch >= 1704067200 ] min-rsa-length 3000 [fi]