Padding in the context of signature algorithms

[Wolfgang Schneider <schneiw@xxxxxxxxxxxxxxxx>]

I came accross the following detail: The part 1 draft defines
{md2,md5,sha-1}WithRSAEncryption as signature algorithms in
conjunction with RSA, for example. In case of md2 and md5,
reference is made to PKCS#1. PKCS#1 describes in detail how the
RSA-input is to be padded to the length of the RSA modulus. 
In case of sha-1, reference is made to OIW. I can't remember 
that anything is said there about padding. Shouldn't this be 
addressed somewhere? 

The reason I ask is that people here are going to specify a 
signature producing smartcard (in the context of the German 
digital signature law) where they require that the smartcard
itself produces a random padding in order to obtain unique
signatures. Such a smartcard would obviously not be able to 
generate a PKCS#1-formatted signature. But I'm not quite sure 
whether it could be used for other algorithms in the context
of PKIX. I would like to argue with these people whether or not
such a requirement would be in contradiction to current internet
practises and specifications, but I can't draw the arguments from 
the current specs. In general, I think that any specification
of use of algorithms in PKIX should have the same level of detail 
as PKCS#1.

I also lost the track to the OIW activities, and no reference 
is given in the draft. The latest I have is the stable agreement 
from 06-95. Does anyone know where I can find the latest OIW 
specs?

Regards

Wolfgang Schneider