This also looks line something to do with "certificate based authentication", which is very rarely (0.00001%) used on public facing services.
In short, when connecting to a web-site most of the time, the person connecting to the site only verifies that the site is legit.
In "certificate based auth" the site also confirms that the person connecting is legit. For that to happen, anyone connecting to the site would have to have been provided their own certificate to connect to the site and configured their system to use that certificate.
Naturally this would be a hassle and impossible for many sites, so almost every site doesn't use "cert-based auth".
Work in IT. From what I read I agree.
This also looks line something to do with "certificate based authentication", which is very rarely (0.00001%) used on public facing services.
In short, when connecting to a web-site most of the time, the person connecting to the site only verifies that the site is legit.
In "certificate based auth" the site also confirms that the person connecting is legit. For that to happen, anyone connecting to the site would have to have been provided their own certificate to connect to the site and configured their system to use that certificate.
Naturally this would be a hassle and impossible for many sites, so almost every site doesn't use "cert-based auth".