I think what is confusing me is the terminology used for the signature, the
signed object, etc. in Annex A.1. Might I suggest the following changes?
"There is also some ambiguity in X.509 with regard to the representation of
a signature (i.e. encrypted digest). The interpretation selected in PEM
requires that the digest is padded as specified in RFC 1115, and the result
is encrypted to form the signature, which is then ASN.1 encoded as a BIT
STRING."
As Burt pointed out, the fact that the ASN.1 encoding of an OCTET STRING is
not actually present in the signature block can be finessed; e.g. one can
say that the padding process uses as inputs the contents octets of the
encoding, along with (implicitly) the length.
Regards,
Rich