RFC 2986 (PKCS #10: Certification Request Syntax Specification Version
1.7) describes a vulnerability related to an unsigned CSR:

"The signature on the certification request prevents an entity from
requesting a certificate with another party's public key. Such an
attack would give the entity the minor ability to pretend to be the
originator of any message signed by the other party. This attack is
significant only if the entity does not know the message being signed
and the signed part of the message does not identify the signer. The
entity would still not be able to decrypt messages intended for the
other party, of course."

Another vulnerability could arise if unsigned CSRs weakens non-
repudiation. Let's suppose that Alice is requesting a certificate and
does know that the CSR will go unsigned to the RA/CA. After the
certificate is issued, she repudiates a purchase statement signed with
the private key saying that "she didn´t have access to the private
key" or "she didn't control it". Will an impartial observer (say, a
judge) consider reasonable this declaration?

JHAF

On Mon, 21 Jul 2008 07:54:57 -0700 (PDT), JHAF gmail.com> wrote:
[snip]

How will signing the CSR affect the plausibility of Alice's claim?
In particular, if Alice is claiming that some bad guy signed the
purchase statement, can't she also claim that some bad guy signed
the CSR?

On 21 jul, 13:28, Peter Pearson wrote: