Re: What *is* the power of the FIPS
- QUESTION: Just what is the power of the FIPS outside of the interop issues in sending stuff back and forth from federal agencies?
The basic purpose of a FIPS is to instruct government agencies on what kinds of equipment/software they should buy. Some FIPSs are mandatory, but most are pretty optional. However, in this case, the purpose is basically propaganda - the NIST can set standards, and can announce "Hey, this is standard", and even try to get other government agencies to buy lots and lots of Clipperphones.

The so-called FIPS for Clipper was a horrendous abuse of the FIPS process; I took advantage of my 10 years as a defense contractor to flame out the proposed spec in great detail. I don't think I've still got my critique, but essentially I contended that the proposed "Escrowed Encryption Standard" didn't describe escrow, didn't specify encryption, and wasn't a standard.... It was fun, if you can do that sort of thing and not inhale :-)

It wasn't escrow, because the functions it describes aren't escrow, and it doesn't mandate that they be used in a way that performs escrow functions using the functions it does perform. It didn't specify an encryption algorithm. It wasn't an implementable standard, since it didn't contain enough information for a user agency to specify an equipment design ("ask the NSA" just _doesn't_ rate), or for a vendor to validate whether an equipment design is compliant, or for a user to tell if it's working properly.

From the commentary around the final FIPS, which differed in some detail from the draft FIPS, it looks like most of the public comments were about the political issues, but a couple of changes appeared to be responses to technical details from the public, including things I'd flamed them about. I don't know how positive I feel about that .....

Bill
participants (1)
-
wcs@anchor.ho.att.com