Why does LE encode the X.509 “Name” type as a list of one-member RelativeDistinguishedName (RDN) objects, rather than as a single RDN that contains all of the attributes?
For example, a parse of the Issuer in a certificate that I have is:
48:d=2 hl=2 l= 74 cons: SEQUENCE
50:d=3 hl=2 l= 11 cons: SET
52:d=4 hl=2 l= 9 cons: SEQUENCE
54:d=5 hl=2 l= 3 prim: OBJECT :countryName
59:d=5 hl=2 l= 2 prim: PRINTABLESTRING :US
63:d=3 hl=2 l= 22 cons: SET
65:d=4 hl=2 l= 20 cons: SEQUENCE
67:d=5 hl=2 l= 3 prim: OBJECT :organizationName
72:d=5 hl=2 l= 13 prim: PRINTABLESTRING :Let's Encrypt
87:d=3 hl=2 l= 35 cons: SET
89:d=4 hl=2 l= 33 cons: SEQUENCE
91:d=5 hl=2 l= 3 prim: OBJECT :commonName
96:d=5 hl=2 l= 26 prim: PRINTABLESTRING :Let's Encrypt Authority X3
Why are there three separate SETs, rather than one single SET that contains the countryName, organizationName, and commonName?
Is it to simplify matching, so that the “distinguishedNameMatch” algorithm isn’t needed?
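
The two encodings the question contrasts, as an added example that is not part of the original post: RFC 5280 defines Name as a SEQUENCE OF RelativeDistinguishedName and each RDN as a SET OF AttributeTypeAndValue, so the posted Issuer is three one-member SETs and the alternative is one three-member SET. The attribute values are copied from the dump above; the DER bytes are constructed here and the helper names are hypothetical.

```python
# Added example: OID bodies are the DER encodings of 2.5.4.6, 2.5.4.10, 2.5.4.3.
C, O, CN = b"\x55\x04\x06", b"\x55\x04\x0a", b"\x55\x04\x03"
OID_NAMES = {C: "countryName", O: "organizationName", CN: "commonName"}

def tlv(tag, body):
    if len(body) > 0x7F:  # long-form lengths are not needed for this Name
        raise ValueError("body too long for this example")
    return bytes([tag, len(body)]) + body

def children(body):
    """Split a constructed value's body into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, n, pos = body[pos], body[pos + 1], pos + 2
        if n & 0x80:  # long-form length, accepted when parsing
            k = n & 0x7F
            n, pos = int.from_bytes(body[pos:pos + k], "big"), pos + k
        if pos + n > len(body):
            raise ValueError("truncated TLV")
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def encode_name(rdns):
    """rdns: list of RDNs, each a list of (oid, text) attributes."""
    def atv(oid, text):  # AttributeTypeAndValue holding a PrintableString
        return tlv(0x30, tlv(0x06, oid) + tlv(0x13, text.encode("ascii")))
    # DER orders the members of a SET OF by their encoded bytes.
    sets = [tlv(0x31, b"".join(sorted(atv(o, t) for o, t in r))) for r in rdns]
    return tlv(0x30, b"".join(sets))

def parse_name(der):
    """Return the Name as a list of RDNs, each a list of (attribute, value)."""
    [(tag, body)] = children(der)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    name = []
    for set_tag, set_body in children(body):
        if set_tag != 0x31:
            raise ValueError("RDN must be a SET")
        rdn = []
        for _, atv_body in children(set_body):
            (_, oid), (_, value) = children(atv_body)
            rdn.append((OID_NAMES.get(oid, oid.hex()), value.decode("ascii")))
        name.append(rdn)
    return name

ATTRS = [(C, "US"), (O, "Let's Encrypt"), (CN, "Let's Encrypt Authority X3")]
AS_POSTED = encode_name([[a] for a in ATTRS])  # three single-attribute RDNs
ONE_RDN = encode_name([ATTRS])                 # one multi-valued RDN
```

`AS_POSTED` reproduces the lengths in the dump (outer SEQUENCE l=74, SETs of 11, 22 and 35 bytes), and `parse_name` returns three RDNs for it but a single RDN for `ONE_RDN`, which is why the two forms are different Names on the wire.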