Considerations for the OpenVPN Use Case Clause Samples

Considerations for the OpenVPN Use Case. This work was done as part of a project involving a Java Card applet to pro- vide authentication when establishing a VPN connection, tightly integrated into OpenVPN. The projected benefit of this was twofold: increased security and increased usability. Smart cards typically provide much more secure storage of the key material. By selecting the Java Card platform, the cross-platform applet can be easily combined with existing deployed systems. The tight integration with OpenVPN aims to improve the user experience: we avoid third-party mid- dleware (which would be required for the use of more generic solutions, such as hardware tokens relying on standards like PKCS#11) and store the configuration files for OpenVPN on the card to simplify the setup process for the user. This use case implies a set of assumptions and limitations. There is some margin in terms of signing time, as signing operations are fairly infrequent and users would expect some latency when establishing a connection. More impor- tantly, the required throughout is low: after signing once, typical usage scenarios suggest a period of time during which the card is connected and powered, but not used to produce a new signature. Furthermore, we note that key generation can be done during issuance, and even outside of the card (assuming a secure issuance environment – this is a reasonable assumption given that initialization also involves, e.g., PIN codes). In principle, there is a nice match between these properties and the XMSSMT signature scheme. There are many time-memory trade-offs that can be flexibly tweaked, and there is ample opportunity for pre- computation either during key generation or idle time. However, it is important to reiterate that memory (in particular the fast RAM) is a scarce resource on the card. The next section details these trade-offs. 4 Implementation‌ When designing a smart card application, it is important to consider natural ‘commands’ that divide up and structure the computation. For a traditional RSA-2048 or ECC signature, signing a message could be a single command with a single APDU as response. For XMSSMT , signatures are several kilobytes in size and must be spread out over multiple 256-byte response APDUs. This behavior is typical for hash-based signatures on small devices [12]; they are too large to comfortably fit in RAM but are very sequential in their construction, strongly suggesting an interface where the signature is streamed out incrementally. There is m...
View SourceView Similar (2)

Related to Considerations for the OpenVPN Use Case

  • Price Schedule, Payment Terms and Billing, and Price Adjustments (a) Price Schedule: Price Schedule under this Contract is set forth in Exhibit B.

  • Minimum Site Requirements for TIPS Sales (when applicable to TIPS Sale). Cleanup: When performing work on site at a TIPS Member’s property, Vendor shall clean up and remove all debris and rubbish resulting from their work as required or directed by the TIPS Member or as agreed by the parties. Upon completion of work, the premises shall be left in good repair and an orderly, neat, clean and unobstructed condition. Preparation: Vendor shall not begin a project for which a TIPS Member has not prepared the site, unless Vendor does the preparation work at no cost, or until TIPS Member includes the cost of site preparation in the TIPS Sale Site preparation includes, but is not limited to: moving furniture, installing wiring for networks or power, and similar pre‐installation requirements. Registered Sex Offender Restrictions: For work to be performed at schools, Vendor agrees that no employee of Vendor or a subcontractor who has been adjudicated to be a registered sex offender will perform work at any time when students are, or reasonably expected to be, present unless otherwise agreed by the TIPS Member. Vendor agrees that a violation of this condition shall be considered a material breach and may result in the cancellation of the TIPS Sale at the TIPS Member’s discretion. Vendor must identify any additional costs associated with compliance of this term. If no costs are specified, compliance with this term will be provided at no additional charge. Safety Measures: Vendor shall take all reasonable precautions for the safety of employees on the worksite, and shall erect and properly maintain all necessary safeguards for protection of workers and the public. Vendor shall post warning signs against all hazards created by the operation and work in progress. Proper precautions shall be taken pursuant to state law and standard practices to protect workers, general public and existing structures from injury or damage. Smoking: Persons working under Agreement shall adhere to the TIPS Member’s or local smoking statutes, codes, ordinances, and policies.

  • Price Adjustments for OGS Centralized Contracts Periodic price adjustments will occur no more than twice per year on a schedule to be established solely by OGS. Pricing offered shall be fixed for the first twelve (12) months of the Contract term. Such price increases will only apply to the OGS Centralized Contracts and shall not be applied retroactively to Authorized User Agreements or any Mini-bids already submitted to an Authorized User. Price decreases may be made at any time. Additionally, some price decreases shall be calculated in accordance with Appendix B, section 17, Pricing.

  • Program Monitoring and Evaluation The Recipient shall prepare, or cause to be prepared, and furnish to the Association not later than six months after the Closing Date, a report of such scope and in such detail as the Association shall reasonably request, on the execution of the Program, the performance by the Recipient and the Association of their respective obligations under the Legal Agreements and the accomplishment of the purposes of the Financing.”

  • Contract Monitoring The criminal background checks required by this rule shall be national in scope, and must be conducted at least once every three (3) years. Contractor shall make the criminal background checks required by Paragraph IV.G.1 available for inspection and copying by DRS personnel upon request of DRS.