Just to be clear, the OID is included within RFC 1423, in Section 2,
which describes both the MD2 and MD5 message digest algorithms, cites
the RFCs, 1319 and 1321, respectively, AND includes the OIDs.
Section 2 specifies the OID for "md2" whereas section 4.3.1 talks about
"md2WithRSAEncryption." In the specification of md2WithRSAEncryption
in 4.3.1, the OID is specified as iso(1) member-body(2) US(840)
rsadsi(113549) pkcs(1) pkcs-1 (1) 2.
I think changing 4.3.1 to say the right thing would be helpful.
Raymond-
No, Section 4.3.1 already says precisely the "right thing". It
specifies the OID for the md2WithRSAEncryption **signature
algorithm**. This OID is used in the signature AlgorithmIdentifier
components of signed certificates and CRLs.
You should not confuse that OID with the one specified in Section 2 for
the md2 **message digest** algorithm. The md2 OID is the one that should
be used in the digestAlgorithm component of the SEQUENCE used when
applying RSAEncryption to a MIC.
-DB