When creating a client-server connection, what is the benefit of using a client certificate on the client side ("AuthenticateAsClientAsync")?
I couldn't find details about this.
More details about the project: This is the first time I am working on my own SslStream. I've never had to deal with it directly. I have a client that connects and sends updates through a socket connection. I have created a POC that works in a few ways. The server always presents a certificate for the security:
sslStream.AuthenticateAsServer(x509Certificate, EnableCertificate, SslProtocols.Tls12, false);
But I have made it work where the client doesn't need to present a valid cert. It all works.
Is it only that we can identify this client is a known client?
Client certificates are a form of authentication. There are other ways, like a password. Client certificates have the advantage that they are much stronger: the secret never gets exchanged. Instead, the proof of possession of the secret (private key) is done by signing server-defined data. Additionally, it is resistant against man in the middle even at the TLS level, i.e. it will no longer succeed if there is some TLS-intercepting corporate proxy or similar monitoring the traffic.
Does it add extra encryption when the server sends data back to the client?
No, this is only about authentication. The encryption provided by TLS should be already sufficient too.
What is the downside of not requiring a client certificate?
This depends on what is used instead. If strong authentication is needed but only weak authentication (simple password) is done, then this is clearly a downside.
Using client certificates has its downsides too. They need to be managed, might need to be replaced from time to time, need to be delivered in a safe way to the client. This management can add complexity.
The server always presents a Certificate for the security
Proper server authentication is essential in order to make sure that the encryption is not done with an attacker, but the intended server. Client authentication (no matter if certificate or password) is a different use case though: it is needed to find out who the client is in order to apply proper access control in the application.
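The server and client sides of a handshake with a required client certificate, as an added example that is not code from the question or the answer. The names MutualTls, KnownClients, ValidateClient, AcceptClient and Connect are hypothetical, the thumbprint is a constructed placeholder, and client certificates are assumed to chain to a CA the server trusts.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class MutualTls
{
    // Hypothetical allow-list: certificate thumbprint -> application identity.
    // The key below is a constructed placeholder, not a real thumbprint.
    static readonly Dictionary<string, string> KnownClients =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["0000000000000000000000000000000000000000"] = "updater-01",
        };

    // Server-side decision on the certificate the client presented.
    // Rejecting null here makes "no certificate" an explicit failure.
    static bool ValidateClient(object sender, X509Certificate cert,
                               X509Chain chain, SslPolicyErrors errors)
    {
        if (cert == null) return false;                    // nothing presented
        if (errors != SslPolicyErrors.None) return false;  // chain/revocation problem
        return KnownClients.ContainsKey(new X509Certificate2(cert).Thumbprint);
    }

    // Server: request a client certificate, then map it to an identity
    // that the application can use for access control.
    public static (SslStream Stream, string Identity) AcceptClient(
        Stream transport, X509Certificate2 serverCert)
    {
        var ssl = new SslStream(transport, false, ValidateClient);
        ssl.AuthenticateAsServer(serverCert, true, SslProtocols.Tls12, true);
        // Reaching this line means ValidateClient accepted the certificate.
        var presented = new X509Certificate2(ssl.RemoteCertificate);
        return (ssl, KnownClients[presented.Thumbprint]);
    }

    // Client: present a certificate (with its private key) in the handshake.
    // The server certificate is checked by the default validation logic.
    public static SslStream Connect(Stream transport, string serverName,
                                    X509Certificate2 clientCert)
    {
        var ssl = new SslStream(transport, false);
        ssl.AuthenticateAsClient(serverName,
            new X509CertificateCollection { clientCert }, SslProtocols.Tls12, true);
        return ssl;
    }
}
```

A failed check surfaces as an AuthenticationException from AuthenticateAsServer, so the caller should catch it and close the connection.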