BOL could have answered your question with minimal effort but since you're being lazy and I'm feeling generous I'll copy and paste for you.
Under Windows Authentication, each server instance logs in to the other side using the Windows credentials of the Windows user account under which the process is running. For this reason, Windows Authentication requires that SQL Server services must run as domain users in trusted domains or as network services.
To authenticate both ends of a connection, Windows Authentication uses the credentials of the Windows user account on which the SQL Server instances are running. Therefore, the user account of each server instance must have the permissions needed to log in and send messages to each of the other server instances.
In some situations, such as when server instances are not in trusted domains or when SQL Server is running as a local service, Windows Authentication is unavailable. In such cases, instead of user credentials, certificates are required to authenticate connection requests. The mirroring endpoint of each server instance must be configured with its own locally created certificate.
You have just created extra work for me now because I'm going to go and change my signature :-)
Measure twice; cut once (and have a good saw)
Hey, just a thought.....did you check Books Online yet?