Mutual authentication

It refers to two parties authenticating each other suitably.

In technology terms, it refers to a client or user authenticating themselves to a server and that server authenticating itself to the user in such a way that both parties are assured of the others' identity.

Typically, this is done for a client process and a server process without user interaction.

Mutual SSL provides the same things as SSL, with the addition of authentication and non-repudiation of the client authentication, using digital signatures. However, due to issues with complexity, cost, logistics, and effectiveness, most web applications are designed so they do not require client-side certificates.

This creates an opening for a man-in-the-middle attack, in particular for online banking.

Read the rest of the article here