Of course, the proper place to discuss padding and
other such issues would be an algorithm-specific standard or
specification of some type (like RFC 1115 or PKCS #1 or IS 9796).
Clearly part of the confusion here is my fault for not having provided
a new draft revised RFC 1115 sooner. I am applying the finishing
touches to a new draft which will (attempt to) describe PEM message and
certificate signatures with appropriate pointers to X.509 and PKCS #1.
I have tracked the discussion here and believe the new draft clearly
specifies the correct procedures (including justification/padding) for
generating signatures.
I will soon post it to the list for review and we can work out any
ambiguities that may remain.
-DB