Why does LE encode the X.509 “Name” type as a list of one-member RelativeDistinguishedName (RDN) objects, rather than as a single RDN that contains all of the attributes?
For example, a parse of the Issuer in a certificate that I have is:
@schoen No, I don’t know of any CAs that issue certificates using multi-value RDNs (RelativeDistinguishedNames).
Incidentally, apparently if you write “+” instead of “/” as a separator in a DN string notation, that indicates a multi-valued RDN:
/O=My Organization/OU=My Dept+GN=John+SN=Doe
My inquiry was just for curiosity, why this is an apparently standard practice when there doesn’t seem to be any particular reason why the values would be in separate RDNs—other than the comparison logic that I proposed earlier.
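The two shapes discussed in this thread, as an added example that is not part of any post: a stdlib-only Python sketch that DER-encodes the DN string above once with a multi-valued RDN and once with one attribute per RDN, then decodes each back into its RDN structure. The helper names, the UTF8String value type and the short-form-length restriction are assumptions of the example.

```python
# Added example: minimal DER for an X.509 Name (short-form lengths, arcs < 128).
OIDS = {"O": "2.5.4.10", "OU": "2.5.4.11", "GN": "2.5.4.42", "SN": "2.5.4.4"}

def tlv(tag, value):
    assert len(value) < 128, "sketch handles short-form lengths only"
    return bytes([tag, len(value)]) + value

def encode_atv(key, val):
    """AttributeTypeAndValue ::= SEQUENCE { type OID, value UTF8String (assumed) }"""
    arcs = [int(a) for a in OIDS[key].split(".")]
    oid = bytes([40 * arcs[0] + arcs[1], *arcs[2:]])
    return tlv(0x30, tlv(0x06, oid) + tlv(0x0C, val.encode()))

def encode_name(dn):
    """'/' starts a new RDN; '+' adds another attribute to the same RDN."""
    rdns = []
    for rdn in dn.strip("/").split("/"):
        atvs = sorted(encode_atv(*a.split("=", 1)) for a in rdn.split("+"))
        rdns.append(tlv(0x31, b"".join(atvs)))  # SET OF, DER-sorted members
    return tlv(0x30, b"".join(rdns))            # SEQUENCE OF RDN

def read_tlvs(buf):
    out, i = [], 0
    while i < len(buf):
        length = buf[i + 1]
        out.append((buf[i], buf[i + 2:i + 2 + length]))
        i += 2 + length
    return out

def decode_name(der):
    """Return the Name as a list of RDNs, each a list of (attr, value)."""
    names = {v: k for k, v in OIDS.items()}
    [(tag, body)] = read_tlvs(der)
    assert tag == 0x30
    result = []
    for _, rdn in read_tlvs(body):
        attrs = []
        for _, atv in read_tlvs(rdn):
            (_, oid), (_, val) = read_tlvs(atv)
            dotted = ".".join(map(str, [oid[0] // 40, oid[0] % 40, *oid[1:]]))
            attrs.append((names[dotted], val.decode()))
        result.append(attrs)
    return result

MULTI = encode_name("/O=My Organization/OU=My Dept+GN=John+SN=Doe")  # DN from the thread
FLAT = encode_name("/O=My Organization/OU=My Dept/GN=John/SN=Doe")   # one attribute per RDN

if __name__ == "__main__":
    for label, der in (("multi", MULTI), ("flat", FLAT)):
        print(label, len(der), [len(r) for r in decode_name(der)], der.hex())
```

The members of the multi-valued SET come back in DER sort order rather than the order typed in the DN string, and the two encodings are different byte strings even though they carry the same four attributes.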
Hi @FGasper, that’s an interesting question but most of the people who spend time on this forum are more specialized in ACME and web server configuration stuff than this kind of thing, so I predict it may be more fruitful to try your question again on an X.509/PKI related forum.