Good pickup. You'd have to get hold of the authors and ask them why. It doesn't make sense to me either. I never do a binary comparison of the cert. If I trust the EAP Server && the cert checks out cryptographically && the identity lives in AD, then why would I still want to perform a binary comparison of the cert? Client cert templates should always have the property set "do not allow private key export". If that is the case, then it makes it harder to share/steal/abuse certs.
And we should probably start burying the MAR concept, and remove it from discussions/suggestions. Perhaps it's an older book that didn't yet mention EAP-TEAP. MAR was always a trainwreck.