eh. Client certs are better in theory. Client certs have lots of complexity that's not necessarily easily solved. If you control both ends, then most of the complexity is easily solved, but if you don't, then client certs get much harder.
FIDO2 is arguably a much better way to deal with this provable identity problem. The UI for FIDO2 has been worked out and is good enough, etc. The big problem is, it requires handing people YubiKeys (or similar devices).