I wrote a while back about moves in the browser world to deprecate client certificate authentication. Things have moved on a bit, and at work today I did a presentation and community discussion about the issue and what we’re going to do about it. (Summary: in the near term, we’ll be adopting OpenID Connect to centralize the actual authentication piece of this, which will allow us to swap in other mechanisms — or delegate the actual authentication to someone else — as alternatives become available.) My slides are available although (because of the room it was held in) neither the talk itself nor the discussion afterward were recorded.