We currently do not perform any certificate validation or length checking for the bw auths. We should do one or the other, or both.