@ErikvanStraten @0xF21D @malanalysis

This is not an exclusive-or choice.

In fact, if there were a hypothetical technology that allowed the user to use a certificate for authentication, and manage it in a key ring and sync it safely between browsers, you'd still need your human user to opt in to use it, to demand sites provide it and to be knowledgeable enough to keep the cert secret.

They'd also need to know to not fax their cert to bad guys.