> The client’s private key is not used.

This whole section is incorrect. It's called mutual TLS. The client's private key is used to prove to the server it has the private key for the public key it's handing to the server. Just like the server has to prove to the client, it has the private key to the public cert it hands out.

Otherwise there is no authentication going on at all.

See the RFC: https://www.rfc-editor.org/rfc/rfc8446 If you are unfamiliar with RFC's, see Section 4.4 and Appendix E.1, which talk about client auth and the handshake respectively.

> I asked because X509 certificates are complex and difficult to securely parse

Yes, but that's why PG relies on OpenSSL to do that work for them. It's widely deployed, even using client certificates. X.509 is used with client certificates by at least 3.5M active personnel with the US DoD via their Common Access Card, as one widely used example.

> Also mTLS is rarely used.

Mutual TLS or client auth is not often used in the browser context, because the browsers have miserable UX around it. I wish that would change, but I'm one of the very few.

It's regularly used outside of the browser context though. Lots of B2B and Service Oriented Architectures use it.

Without that there is still authentication: clients who don’t presents a certificate signed by CA are refused. A weaker form of authentication is who ever presents a signed certificate connects, regardless of whether they hold the private key or not. In practice, these two are packed into a p12 certificate anyways, at least browsers.

Interesting that defense industry uses mTLS. It’s a pitty because the UX could be good: no need to route the entire traffic by a VPN. Simply have a certificate in the browser and the user will have access with no further action or setup.