"Pawling, John" <John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com> writes:
RFC2459 specifies the use of the rsaEncryption OID to indicate that an RSA
public key is present in the subjectPublicKey field of a certificate. RFC2459
specifies the use of the md5WithRSAEncryption or sha1WithRSAEncryption OID (as
appropriate) in the certificate signatureAlgorithm field when the RSA (PKCS #1
v1.5) algorithm is used to sign the certificate.
RFC2630 specifies the use of the rsaEncryption OID in the signedData
signerInfo signatureAlgorithm field when the RSA (PKCS #1 v1.5) algorithm is
used as part of the signature generation process.
RFC2459 requires a unified OID because there's only one place to specify both,
the signatureAlgorithm field. RFC2630 splits this so there's on OID for the
hash algorithm and another for the signature algorithm. Both usages are
consistent, it doesn't seem a good idea to force RFC2630 into an inconsistent
usage just to make it look like RFC2459.
Peter.