It looks the developer gave up the plan to implement client cert authentication for the ownClous tools and the mobile apps. That is very bad. :(
The client cert authentication is the only way to protect ownCloud with open standards (X.509/TLS) and an additional ownCloud independent security layer. OTP is nice, but if an attacker identify weaknesses/vulnerabilities in public accessible php scripts of the web application it can be exploited also with OTP or other application based security functions. With client cert authentication it can be protected completely on the webserver side (outside and independent of the php layer!). And with client cert authentication there is no stress to immediately update the software after a PHP based vulnerability was disclosed.
Are there any plans to integrate the client cert authentication in the next future?