Not sure how many from Let’s Encrypt read m.d.s.policy, but it seems StartCom don’t actually check submitted CSRs to see if they were really signed by the private key corresponding to the public key in the request.
This creates the embarrassing, definitely undesirable, and possibly dangerous scenario in which a subscriber can get certificates for someone else’s key pair, albeit only for names they (this subscriber) actually control. It is not, so far as we can tell, prohibited by the BRs or by trust store policy, but it seems like a terrible idea, and I want to check that Let’s Encrypt doesn’t have the same issue.
So, does Boulder verify that a CSR with public key A is signed by the corresponding private key B?
Yep. This recently came up here when someone tried to submit a CSR with the public key of Let’s Encrypt’s intermediate certificate (due to a client bug).
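For readers who want to see what the check under discussion looks like, here is an added example (not Boulder's code and not from either poster) in Go, the language Boulder is written in. It builds an honest CSR with key A, then constructs the exact failure case from the question by re-signing that CSR's CertificationRequestInfo with an unrelated key B while leaving public key A inside, and shows that `CheckSignature()` rejects it. The names `makeCSR`, `forgeCSR`, `VerifyCSR`, `Demo` and the DNS name `example.test` are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// oidECDSAWithSHA256 is the ecdsa-with-SHA256 signature algorithm OID (RFC 5758).
var oidECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2}

// certificationRequest mirrors the outer PKCS#10 structure (RFC 2986):
// CertificationRequestInfo, signatureAlgorithm, signature.
type certificationRequest struct {
	TBS       asn1.RawValue
	SigAlg    pkix.AlgorithmIdentifier
	Signature asn1.BitString
}

// makeCSR builds a well-formed CSR for name, signed with key (proof of
// possession is genuine here: the embedded public key belongs to key).
func makeCSR(key *ecdsa.PrivateKey, name string) ([]byte, error) {
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: name},
		DNSNames: []string{name},
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// forgeCSR is the case from the thread, constructed for this example only:
// it keeps public key A inside the CertificationRequestInfo but signs that
// structure with an unrelated key B, so the signature cannot verify under A.
func forgeCSR(csrDER []byte, wrongKey *ecdsa.PrivateKey) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(csr.RawTBSCertificateRequest)
	sig, err := ecdsa.SignASN1(rand.Reader, wrongKey, digest[:])
	if err != nil {
		return nil, err
	}
	return asn1.Marshal(certificationRequest{
		TBS:       asn1.RawValue{FullBytes: csr.RawTBSCertificateRequest},
		SigAlg:    pkix.AlgorithmIdentifier{Algorithm: oidECDSAWithSHA256},
		Signature: asn1.BitString{Bytes: sig, BitLength: len(sig) * 8},
	})
}

// VerifyCSR is the check a CA must run before issuing: parse the request and
// confirm its signature verifies under the public key it carries. A nil
// return means the requester proved possession of the matching private key.
func VerifyCSR(csrDER []byte) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return fmt.Errorf("parse CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("CSR signature does not verify under the embedded public key: %w", err)
	}
	return nil
}

// Demo returns (honestAccepted, forgedAccepted). A CA that performs the
// check returns (true, false); one that skips it would accept both.
func Demo() (bool, bool, error) {
	keyA, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	keyB, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	honest, err := makeCSR(keyA, "example.test")
	if err != nil {
		return false, false, err
	}
	forged, err := forgeCSR(honest, keyB)
	if err != nil {
		return false, false, err
	}
	return VerifyCSR(honest) == nil, VerifyCSR(forged) == nil, nil
}

func main() {
	honestOK, forgedOK, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest CSR accepted: %v, forged CSR accepted: %v\n", honestOK, forgedOK)
}
```

The forged request is byte-for-byte a valid PKCS#10 structure, so a CA that only parses the CSR and copies the public key into a certificate would issue for key A on the strength of a signature by key B; `CheckSignature()` is the one call that closes that gap, and it has to run before any name validation result is consulted.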