John,
One addition to your description -- a small, but important,
point...
ANSI (of which both UL and the normative standards on which
their more detailed testing/evaluation standards are based are
members and accredited SDOs) makes a careful decision between
"safety standards" and other sorts of things. By the
definitions they use, the IETF has never done a safety standard.
That is probably A Good Thing.
The safety standards tend to be rigidly normative, specifying
exactly what is permitted and what is not. There is no need for
our sort of interoperability testing, because things are
required to conform to an explicit set of specifications and
requirements. And, where that isn't done, there are usually
requirements for approval by the local authority or use of
"approved" equipment. In both cases, the term "to approve"
implies some sort of inspection or certification entity.
The characteristic that these things have in common is that they
are designed to be incorporated into legislation. The National
Electrical Code, with which many readers of this list are
probably familiar (my apologies to those, especially out of the
US, who are not -- you already knew that we do things in odd
ways here), is a good example. The Code itself is nothing more
than an ANSI Standard. Conformance is voluntary, right? Well,
the text is full of references to approved devices and approval
by local authority.
Then various jurisdictions come along, take that "voluntary"
standard, and pass laws saying that it is illegal to do
electrical things any other way. In the process, they specify
the local approval authority (your friendly neighborhood
electrical inspector in most cases) and the list of bodies that
can approve "approved" devices. The latter is a list that
usually has only one entry on it, and that entry is UL. If
Valdis can buy a non-UL-certified night light in Vermont, he
gets a choice. In many jurisdictions, it is illegal to sell
such things, or household fire insurance is scrap paper if there
is a fire traced to a device without UL certification. And, for
some devices, the codes themselves require that only certified
devices get installed.
Now, in our business, partially because we don't do safety
standards, we rely on external certification processes,
including a lot of self-certification, rather than these
elaborate drills that prevent selling or installing things that,
in the judgement of some organization, are non-conforming.
Stef's most recent notion of people doing their own
interoperabiity testing and announcing what they find if they
want to is exactly self-certification. And it has been around
for years.
But that brings us right back to where this series of thread
started: the company in question has never, to my knowledge,
made a loophole-free public claim that it conforms to anything
the IETF has produced, especially at the applications level. If
they had made such a claim, and obviously didn't conform, then
someone might have a reasonable cause of action against them,
with or without a public announcement process. But they are
doing exactly what they claim to be doing (read the licenses) --
delivering software that may or may not work and may or may not
be good for anything. If one doesn't like that, one should
presumably go elsewhere or figure out why there isn't an
"elsewhere" and do something about it.
john
--On Monday, 28 January, 2002 09:01 -0800 John W Noerenberg II
<jwn2(_at_)qualcomm(_dot_)com> wrote:
At 10:19 PM -0500 1/26/02, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
I have in my bedroom a night light, which I purchased at a
local grocery store. It has a UL logo on it, which doesn't
tell me much about its suitability as a night light (I can't
tell if it's bright enough, or if it's too bright, or what
its power consumption is), but it *does* tell me 2 things:
1) It has been *tested* and found free of any known safety
design problems. It may not *work* as a night light, but it
won't shock me when I go to throw it in the trash can because
it's not suitable.
2) A high enough percentage of night light manufacturers get
UL listed that I can afford to be suspicious of any company
that doesn't have the logo on their product.
Underwriters Laboratories, Inc. is a non-profit corporation
that was founded in 1894. This
<http://www.ul.com/about/otm/otmv3n2/labdata.htm>article
describes the process UL uses for developing their standards.
Many UL standards receive ANSI certification. According to
the article, UL relies on information from a number of sources
while developing a standard.
UL tests products submitted by its customers for *conformance*
to its standards. UL's reputation depends on the rigor and
independence of their testing. I don't know how it costs to
submit a product for testing, but obtaining UL certification
isn't free. UL's certification program is successful, because
when consumers like Valdis (and me) see a UL label, they
believe in its value. As Valdis points out, the value of the
label has limits.
Certification isn't the work of a volunteer organization like
the IETF. It could be the work of an organization like
Underwriters Labs. This would be a good thing for Internet
standards, imho.
One idea proposed multiple times in this meandering discussion
is that those advocating testing should put up or shut up --
create a testing organization or move on to other topics. I
concur with both those suggestions. I'm sure you'll all be
pleased this is my last word on the topic.
best,
--
john noerenberg
jwn2(_at_)qualcomm(_dot_)com
--------------------------------------------------------------
-------- While the belief we have found the Answer can
separate us and make us forget our humanity, it is the
seeking that continues to bring us together, the makes and
keeps us human. -- Daniel J. Boorstin, "The Seekers", 1998
--------------------------------------------------------------
--------