The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
to the extent that a FIPS is based on existing private sector standards, it codifies standards of existing practice with all of the benefits (and costs) described above. A second reason is that a FIPS is often taken as a government endorsement of the procedures, practices, and algorithms contained therein and thus sets a de facto ''best-practices" standard for the private sector. A third reason is related to procurements that are FIPS-compliant as discussed in Chapter 6.
Products such as computers and communication devices that are intended to interoperate with other equipment are of little value if they are based on a standard few others usethere is no one to communicate with. For this reason, interoperability standards often foster a sudden acceleration in market share growtha bandwagon effectin which users afraid of being left out rush to adopt a standard once it appears clear that most other users will adopt that standard. The flip side of this phenomenon is the potential for significant delay in development of a market prior to this takeoff point: users put off purchasing products and services that might become "orphaned" in the future. During a period in which more than one competing standard exists, the entire market's growth may be adversely affected. The failure of a consumer market for AM stereo receivers, for example, was largely due to the lack of a dominant standard.7
Competing standards developed in the private and public sectors could be slowing the spread of cryptographic products and services. The two cryptography-related FIPSs most recently produced by NIST were not consistent with existing de facto industry standards. As discussed previously, the Escrowed Encryption Standard was adopted as FIPS 185 despite the overwhelmingly negative response from private industry and users to the public notice in the Federal Register.8 The Digital Signature Standard was also adopted despite both negative public comments and the apparent emergence of a de facto industry based on RSA's public-key algorithm.9