Over on Guido's site this morning, he has posted a link to the private email gateway login page that party political communications from Downing Street use. The link for this is www.lpnet.org.uk. Interestingly, when you visit it for the first time you will be presented with SSL certificate errors.
I have to say, for a system that is supposedly for the secure sending of email, they haven't particularly filled me with confidence. For a start, the SSL certificate expired in 2003. Also, the expired certificate wasn't even correctly configured in the first place. The Common Name (CN) for the cert should match the web server name for a start, i.e. www.lpnet.org.uk. The fact that it doesn't suggests that whoever it was in Whale Communications that set it up was a bit of an idiot. Whale Communications is of course a subsidiary of Microsoft, which might explain the failure to set up a computer properly.
I am a little confused by the issuer of the certificate as well. You would expect a company like Whale Communications to use someone like Verisign to issue their certs, but instead it was issued by a machine called "butcher.farmjack.com", run by a company that calls itself FarmJack (odd name). Farmjack.com leads to some ROAR holding page today offering piston and hydraulic repairs. Maybe they went bust prior to 2003? If they did, I can't seem to find anything about them as an SSL certificate authority (if someone else can, let me know in the comments).
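The three faults described above (expiry, a name that does not match the server, and an unfamiliar issuer) can be checked mechanically. The following is an added example, not part of the original post: `audit_cert` and `expected_issuers` are hypothetical names, the certificate's own CN and exact 2003 expiry date are not given in the post and are constructed here, and the issuer check is a name comparison for monitoring, not chain validation.

```python
import ssl
from datetime import datetime, timezone

def _field(name, key):
    """First value for `key` in a getpeercert()-style subject/issuer tuple."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None

def _matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def audit_cert(cert, host, now, expected_issuers):
    """Return findings for a cert dict in ssl.getpeercert() format."""
    findings = []
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if now > not_after:
        findings.append("expired")
    # Prefer subjectAltName DNS entries; fall back to CN only if none exist.
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not names:
        cn = _field(cert["subject"], "commonName")
        names = [cn] if cn else []
    if not any(_matches(n, host) for n in names):
        findings.append("name-mismatch")
    # Name-based allow-list of issuers we expect to see (not chain validation).
    if _field(cert["issuer"], "commonName") not in expected_issuers:
        findings.append("unexpected-issuer")
    return findings

# Constructed sample: issuer names are from the post; the subject CN and the
# exact expiry date are placeholders because the post does not give them.
SAMPLE = {
    "subject": ((("commonName", "gateway.example.invalid"),),),
    "issuer": ((("organizationName", "FarmJack"),),
               (("commonName", "butcher.farmjack.com"),)),
    "notAfter": "Jun  1 12:00:00 2003 GMT",
}

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(audit_cert(SAMPLE, "www.lpnet.org.uk", now, {"Example Trusted CA"}))
```

For a live server, the same dict comes from `ssl.SSLSocket.getpeercert()`, which only returns these fields when the handshake itself was allowed to validate the certificate.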
What does all this mean? Well, not a lot really. Other than the Labour Party seem to have shoddily set up IT systems (no surprise there when you consider, as David Miliband put it, their "famed competence" for IT projects). They also seem to be using a rather dodgy certificate authority provider for their cert. This is not in itself a bad thing per se (you can after all self-sign certs if you wish), but it's not exactly good practice for such a large organisation that is thoroughly obsessed with issuing "best practice" guidelines for everything.