Burt,
I think having the user self-sign a request is a good idea,
for various reasons. It is true that the user cannot generally know
the serial number to assign and probably cannot accurately assign
a validity interval either. In many cases I expect the user to know
the issuer DN as it will be superior to the subject DN, but I admit
there is still some room for uncertainty.
Nonetheless, I think Dave Balenson made a good point in that
if one were to compose a complete certificate, but with trivial values
for the fields he can/does not know, the retention of the certificate
format might make processing easier (especially for folks who have to
hand-code ASN routines?). Because the certificates were self-signed,
and if we assigned a static, obviously obsolete validity period, there
should be no opportunity for confusion between these and valid
certificates.
Steve
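
The check a certificate processor could apply to tell such a request apart from a valid certificate, as an added example that is not part of the original message. It assumes the Python `cryptography` package and Ed25519 keys; the names, the placeholder serial number and the 1970 validity interval are constructed for illustration.

```python
from datetime import datetime, timezone
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.x509.oid import NameOID

# Assumed placeholder values for the fields the user cannot know.
PLACEHOLDER_SERIAL = 1
OBSOLETE_START = datetime(1970, 1, 1)
OBSOLETE_END = datetime(1970, 1, 2)

def _name(*parts):
    return x509.Name([x509.NameAttribute(oid, v) for oid, v in parts])

# Constructed DNs: the issuer DN is superior to the subject DN.
ISSUER = _name((NameOID.ORGANIZATION_NAME, "Example Org"))
SUBJECT = _name((NameOID.ORGANIZATION_NAME, "Example Org"),
                (NameOID.COMMON_NAME, "Example User"))

def build_cert(subject_key, signing_key, start=OBSOLETE_START, end=OBSOLETE_END):
    """Compose a complete certificate; a request is one signed by subject_key."""
    builder = (x509.CertificateBuilder()
               .subject_name(SUBJECT).issuer_name(ISSUER)
               .public_key(subject_key.public_key())
               .serial_number(PLACEHOLDER_SERIAL)
               .not_valid_before(start).not_valid_after(end))
    return builder.sign(signing_key, None)  # Ed25519 takes no hash algorithm

def is_request_prototype(cert, now=None):
    """True only if the signature verifies under the certificate's own
    subject key AND the validity period has already ended."""
    now = now or datetime.now(timezone.utc)
    try:
        cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes)
    except InvalidSignature:
        return False  # signed by some other key, so not a self-signed request
    # Newer library versions expose an aware datetime; older ones a naive one.
    end = getattr(cert, "not_valid_after_utc", None) \
        or cert.not_valid_after.replace(tzinfo=timezone.utc)
    return end < now

if __name__ == "__main__":
    user = Ed25519PrivateKey.generate()
    print(is_request_prototype(build_cert(user, user)))
```
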