[EXTERNAL] RE: enforcing mutual auth from the client

[Sands, Daniel]

> > It is not clear what threat model warrants taking special action when
> > the client certificate is not requested.  It could equally be
> > requested and then largely ignored.
> 
> A client in a highly secured network knows that every server it connects to will
> require a client certificate.  If the request fails to arrive, it's either a
> misconfiguration or a compromised server.  In either case, the client prefers to
> fail and make the user aware of a problem rather than risk compromising
> sensitive data with the user unaware that there was unexpected behavior.
But as noted, even a compromised server can ask for client credentials and then ignore them.  So in your threat model, the client might think it is talking to a legit server just because it asks for a certificate like it's "supposed to".  But will happily be exchanging sensitive data with this compromised server.