Phillip Hallam-Baker wrote:

> 3) A relying party thus requires a demonstration that is secure against a
> replay attack from one or more trusted parties to be assured that the time
> assertion presented is current but this need not necessarily be the same as
> the source of the signed time assertion itself.
>
> The real design decision is who you decide you are going to rely on for
> (3). TLS is proof against replay attack due to the exchange of nonces.

How can you get secure time to securely confirm that a certificate
of TLS has not expired? Use yet another PKI?

Masataka Ohta