The client can validate the entire certificate chain because it must have the root CA(s) in its root certificate store already.
Sending the root certificate only increases the TLS message size and adds latency. The TLS client doesn't need the root CA certificate because it must only trust the root CAs in its own root certificate store anyway.
Here are some 3rd party pointers on the topic that I've collected:
-
https://community.qualys.com/thread/11026 ("If the client does not have the root in their trust store, then it won't
trust the web site, and there is no way to work around that problem.
Having the web server send the root certificate will not help -- the
root certificate has to come from a trusted 3rd party (in most cases the
browser vendor).")
-
https://certsimple.com/blog/https-certificate-chains ("The top level, or 'root' certificates are normally trusted because they came with your OS or browser. ... When your browser visits an HTTPS website, it checks the signatures
of that site's certificate, and then checks the parent certificate. It
keeps checking certificates until it hits the root certificate, stored
in whatever trust store you're using.")
-
https://blog.hboeck.de/archives/847-Incomplete-Certificate-Chains-and-Transvalid-Certificates.html ("a common issues is that people unneccesarily[sic] send the root certificate, which doesn't cause issues but may make things slower")
BTW: The Baseline Requirements do not allow that a server certificate is signed directly by a root certificate. (See the certsimple blog post for the explanation.)