diff --git a/tech/cia-do-dont.wiki b/tech/cia-do-dont.wiki index 3b67f40..6f466f1 100644 --- a/tech/cia-do-dont.wiki +++ b/tech/cia-do-dont.wiki @@ -77,3 +77,5 @@ This is the CIA list of dos and donts. - DH and ECDH is prefered for perfect forward security * Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA - Asymmetric keys *must* be at least 2048 bits (Elliptic curve, 256 bits) +* Authentication via TLS 1.2 *must* include the use of certs by both parties +* Authentication via TLS 1.2 *must* validate the cert
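Review bot: The last added bullet, "* Authentication via TLS 1.2 *must* validate the cert", does not say whose certificate is meant or what validation covers. Because the bullet added just before it requires certs from both parties, this one should state that each party must validate the peer's certificate, otherwise it can be read as covering the server cert only. It would also help to name the checks intended, for example that the chain leads to a trusted root, that the cert is within its validity period, and that the identity in the cert matches the expected peer, so the requirement can be tested. Minor style point: "cert" and "certs" could be spelled out as "certificate(s)" to match the formal *must* wording used in the rest of the list.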