ietf-smime

RE: cmsalg-02 RSA OID Proposal

2001-08-31 09:48:11

Eric,

I believe that the change is being proposed so that the
md5WithRSAEncryption, sha1WithRSAEncryption, and rsaEncryption OIDs will be
used consistently in PKIX X.509 certificates and CMS signedData content
types.  

RFC2459 specifies the use of the rsaEncryption OID to indicate that an RSA
public key is present in the subjectPublicKey field of a certificate.
RFC2459 specifies the use of the md5WithRSAEncryption or
sha1WithRSAEncryption OID (as appropriate) in the certificate
signatureAlgorithm field when the RSA (PKCS #1 v1.5) algorithm is used to
sign the certificate.

RFC2630 specifies the use of the rsaEncryption OID in the signedData
signerInfo signatureAlgorithm field when the RSA (PKCS #1 v1.5) algorithm is
used as part of the signature generation process. 

Therefore, the RFC2630 use of the id-rsaEncryption OID is inconsistent with
RFC2459.  This caused confusion with some implementers, because they assumed
that the md5WithRSAEncryption or sha1WithRSAEncryption OID (as appropriate)
would be used in the signedData signerInfo signatureAlgorithm field as they
are used in the certificate signatureAlgorithm field.

===========================================
John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
Getronics Government Solutions, LLC
===========================================
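
An added example, not part of the message above: a receiver-side check that accepts either convention in the signedData signerInfo signatureAlgorithm field (rsaEncryption, or md5WithRSAEncryption / sha1WithRSAEncryption as used in certificates) and resolves both to one hash. The helper names, the constructed sample bytes, and the policy of rejecting a combined OID whose hash disagrees with digestAlgorithm are assumptions of this example.

```python
# Added example: helper names are hypothetical, sample bytes are constructed.
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
MD5_WITH_RSA = "1.2.840.113549.1.1.4"
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"
MD5, SHA1 = "1.2.840.113549.2.5", "1.3.14.3.2.26"
# The combined OIDs name their own hash; rsaEncryption names none.
HASH_OF_COMBINED = {MD5_WITH_RSA: MD5, SHA1_WITH_RSA: SHA1}

def decode_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER (tag 0x06, short-form length)."""
    if len(der) < 3 or der[0] != 0x06 or der[1] >= 0x80:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    if der[1] != len(der) - 2 or der[-1] & 0x80:
        raise ValueError("length mismatch or truncated arc")
    arcs, value, start = [], 0, True
    for byte in der[2:]:
        if start and byte == 0x80:
            raise ValueError("non-minimal arc encoding")
        value, start = (value << 7) | (byte & 0x7F), False
        if byte & 0x80:
            continue  # more base-128 digits of this arc follow
        if not arcs:  # first encoded value packs the first two arcs
            first = min(value // 40, 2)
            arcs += [first, value - 40 * first]
        else:
            arcs.append(value)
        value, start = 0, True
    return ".".join(map(str, arcs))

def signer_hash(digest_alg: bytes, signature_alg: bytes) -> str:
    """Return the hash OID to verify a SignerInfo with, or raise ValueError."""
    digest_oid, sig_oid = decode_oid(digest_alg), decode_oid(signature_alg)
    if digest_oid not in (MD5, SHA1):
        raise ValueError("unsupported digestAlgorithm " + digest_oid)
    if sig_oid == RSA_ENCRYPTION:  # RFC 2630 convention: hash named only here
        return digest_oid
    if sig_oid not in HASH_OF_COMBINED:
        raise ValueError("unsupported signatureAlgorithm " + sig_oid)
    if HASH_OF_COMBINED[sig_oid] != digest_oid:  # certificate-style OID
        raise ValueError("signatureAlgorithm hash disagrees with digestAlgorithm")
    return digest_oid

# Constructed DER encodings of the OIDs as carried in an AlgorithmIdentifier.
RSA_DER = bytes.fromhex("06092a864886f70d010101")
SHA1_RSA_DER = bytes.fromhex("06092a864886f70d010105")
MD5_RSA_DER = bytes.fromhex("06092a864886f70d010104")
SHA1_DER = bytes.fromhex("06052b0e03021a")

if __name__ == "__main__":
    print(signer_hash(SHA1_DER, RSA_DER))       # both conventions resolve
    print(signer_hash(SHA1_DER, SHA1_RSA_DER))  # to the same hash OID
```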
