Terry,
Thank you for reporting that the cmsalg-02 proposal to require the use of
the md5WithRSAEncryption or sha1WithRSAEncryption OID (as appropriate) in
the signedData signerInfo signatureAlgorithm field when the RSA (PKCS #1
v1.5) algorithm is used as part of the signature generation process is
incompatible with the Netscape Communicator S/MIME (CMS) implementation.
Based on that fact, I agree that the son-of-RFC2633 S/MIME v3 Message Spec
should mandate the use of the rsaEncryption OID in the signedData signerInfo
signatureAlgorithm field when the RSA (PKCS #1 v1.5) algorithm is used as
part of the signature generation process.
===========================================
John Pawling, John(_dot_)Pawling(_at_)GetronicsGov(_dot_)com
Getronics Government Solutions, LLC
===========================================