|
|
|
|
|
|
by judge2020
1423 days ago
|
|
|
Perhaps TLS client certificates are unpopular because pretty much everyone uses some sort of anti-ddos or caching server in front of their services (cloud load balancers, fastly, akamai, cloudflare) so any TLS client certificate authentication and validation has to be baked into the service[0] (another possibility could be the service encoding the client's information and shipping it to the origin server via headers). Another options for companies is only signing request bodies and validating a request signature in the header like discord does[1]. 0: https://developers.cloudflare.com/api-shield/security/mtls/c... 1: https://discord.com/developers/docs/interactions/receiving-a... |
|
|
Besides, it would be fairly easy to implement at a cdn layer. Just give it a list of valid CAs, and have it set some header.
The real reason is that UI challenges for client certs are really hard. You can see it in the fact that people actual do use client certs in server to server communication (e.g. like between cache and backend)