Recently, I had to implement a client that supported cert based mutual auth. I searched a bit in both Twisted and treq but didn't find an existing implementation (maybe I missed it), so I implemented a custom IPolicyForHTTPS. It was pretty easy, and though it needs more testing, seems to be working well. My question is whether this would be of interest as a PR to Twisted itself (or a project under that umbrella)? The use case comes to mind is IoT (though it isn't the only one), and a specific example is the AWS IoT API: http://docs.aws.amazon.com/iot/latest/developerguide/authorization.html Cheers, -Jason Litzinger