
MAR and its relation to Binary Certificate Comparison...

rezaalikhani
Spotlight

Hi all;

Look at the following statement from Cisco's official SISE 300-715 book:

rezaalikhani_0-1725994087718.png

Unfortunately, I do not understand why this requirement is mandatory.

Thanks

 

1 Reply

Arne Bier
VIP

Good pickup. You'd have to get hold of the authors and ask them why. It doesn't make sense to me either. I never do a binary comparison of the cert. If I trust the EAP Server && the cert checks out cryptographically && the identity lives in AD, then why would I still want to perform a binary comparison of the cert? Client cert templates should always have the property set "do not allow private key export". If that is the case, then it makes it harder to share/steal/abuse certs.

And we should probably start burying the MAR concept, and remove it from discussions/suggestions. Perhaps it's an older book that didn't yet mention EAP-TEAP. MAR was always a trainwreck.