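%% You should probably cite draft-bishop-httpbis-http2-additional-certs instead of this I-D.
%%
%% Status: this is revision -01 of an Internet-Draft (see the note field,
%% "Work in Progress"). It is not a published standard. Check the datatracker
%% URL below for the draft's current state before relying on the
%% client-authentication mechanism it describes.
%%
%% Entry conventions: authors are in "Last, First" form, and only the protocol
%% name in the title is brace-protected so a bibliography style can still
%% apply its own casing to the rest. The abstract is left as supplied.
@techreport{thomson-http2-client-certs-01,
  author      = {Thomson, Martin and Bishop, Mike},
  title       = {Reactive Certificate-Based Client Authentication in {HTTP/2}},
  type        = {Internet-Draft},
  number      = {draft-thomson-http2-client-certs-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2016,
  month       = jan,
  day         = 22,
  pagetotal   = 19,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-thomson-http2-client-certs/01/},
  abstract    = {Some HTTP servers provide a subset of resources that require additional authentication to interact with. HTTP/1.1 servers rely on TLS renegotiation that is triggered by a request to a protected resource. HTTP/2 made this pattern impossible by forbidding the use of TLS renegotiation. While TLS 1.3 provides an alternate mechanism to obtain client certificates, this mechanism does not map well to usage in TLS 1.2. This document describes a how client authentication might be requested by a server as a result of receiving a request to a protected resource.},
}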