LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

What is mutual authentication, and how does it combine the two one-way flows?

Both parties authenticate each other in one interleaved exchange — each sends a challenge and each verifies the other's response.

It merges client-side and server-side authentication into a single round-trip-efficient flow:

  1. Server → Question1
  2. Client → Answer1 + Question2 (answers the server and challenges it back)
  3. Server verifies, → Authenticated1 + Answer2
  4. Client verifies → done.

Now both sides have proven their identity to the other. Neither is talking to an impostor.

Why it matters: one-way auth leaves a gap. If only the client authenticates, it might be handing credentials to a fake server (phishing). Mutual auth (e.g. mTLS) closes that — the client also confirms the server is genuine.

Tip: Mutual auth is standard in high-security and machine-to-machine settings (mTLS, smartcards). The clever part is piggybacking the second challenge onto the first response to save a round trip.

From Quiz: ISF / Integrity & Content Authenticity (C2PA) | Updated: May 31, 2026