Bug Database
Bug ID: 4649690
Votes 20
Synopsis Java Plug-in should consider time-of-signing when verifying signed jars
Category java_plugin:other
Reported Against 1.4 , 1.3.1 , hopper-rc , tiger-beta
Release Fixed 1.5(tiger)
State 10-Fix Delivered, request for enhancement
Priority: 3-Medium
Related Bugs 4485741 , 4500302 , 4523234 , 4649703 , 4731841 , 4938222
Submit Date 08-MAR-2002
Description
RFE 4500302 actually requests several enhancements in various places: JDK, jarsigner, Plug-in and Web Start. There is another RFE (4523234) tracking the work needed in the JDK to support timestamped signatures.

We plan to implement RFE 4523234 for Tiger (pending Tiger team approval, etc.). Once RFE 4523234 is done, the Plug-in should consider time-of-signing when verifying signed jars.

So I'm filing this RFE to track the work needed in the Plug-in (if any). I'll file another RFE to track the work needed in Web Start (if any). RFE 4500302 will be used to track the enhancements needed in jarsigner. I'll add notes in RFE 4500302.
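The check the RFE asks for, as an added illustration (not JDK or Plug-in code, and not the fix delivered for Tiger): open a signed jar with the verifying JarFile constructor, and for each signer judge the certificate chain at the time of signing taken from the RFC 3161 timestamp token that "jarsigner -tsa <url>" embeds, rather than at the wall clock. A signature with no token falls back to "now", which is exactly the pre-Tiger behaviour that makes a jar stop loading the day its signing certificate expires. The class name and the command-line argument are this example's own assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.Timestamp;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/*
 * Added example, not code from the JDK or the Java Plug-in. Uses only the
 * 1.5 (Tiger) API: CodeSigner.getTimestamp() is what RFE 4523234 adds.
 */
public class TimestampAwareJarCheck {

    /* The instant a signer's certificates are judged at: the trusted
     * timestamp if one was embedded at signing time, otherwise "now". */
    static Date referenceTime(CodeSigner signer) {
        Timestamp ts = signer.getTimestamp();      // null when no TSA token is present
        return ts != null ? ts.getTimestamp() : new Date();
    }

    /* True if every certificate in the signer's chain was inside its
     * [notBefore, notAfter] window at the reference time. */
    static boolean chainValidAt(CodeSigner signer, Date when) {
        List<? extends Certificate> chain = signer.getSignerCertPath().getCertificates();
        for (Certificate c : chain) {
            X509Certificate x = (X509Certificate) c;
            try {
                // Throws CertificateExpiredException or CertificateNotYetValidException
                x.checkValidity(when);
            } catch (CertificateException e) {
                System.out.println("  " + x.getSubjectX500Principal()
                        + " not valid at " + when + ": " + e);
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws IOException {
        // JarFile(name, true) verifies signatures as entries are read: an entry's
        // CodeSigners are only populated once its bytes have been read to the end,
        // and reading to the end throws SecurityException if a digest mismatches.
        JarFile jar = new JarFile(args[0], true);
        byte[] buf = new byte[8192];
        boolean allOk = true;
        try {
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                InputStream in = jar.getInputStream(entry);
                try {
                    while (in.read(buf) != -1) { /* drain to trigger verification */ }
                } finally {
                    in.close();
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    System.out.println(entry.getName() + ": UNSIGNED");
                    allOk = false;
                    continue;
                }
                for (CodeSigner s : signers) {
                    Date when = referenceTime(s);
                    boolean ok = chainValidAt(s, when);
                    System.out.println(entry.getName() + ": "
                            + (s.getTimestamp() != null ? "timestamped " : "untimestamped ")
                            + (ok ? "VALID" : "INVALID") + " (judged at " + when + ")");
                    allOk &= ok;
                }
            }
        } finally {
            jar.close();
        }
        System.exit(allOk ? 0 : 1);
    }
}
```

Run it as `javac TimestampAwareJarCheck.java && java TimestampAwareJarCheck app.jar`. Two caveats for anyone turning this into a real policy: JarFile checks entry digests, the signer's signature and the timestamp token's own signature, but it chains neither the signer's certificates nor the TSA's to a trust anchor, so validate both paths with CertPathValidator against the trusted store before believing the date; otherwise anyone able to mint a token from an untrusted TSA can keep signatures from an expired certificate alive indefinitely. And time-of-signing says nothing about revocation: a certificate revoked after the timestamp still needs a CRL or OCSP check with the timestamp as the reference date.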
Work Around
N/A
Evaluation
Yes, this is a very good idea. Committed for Tiger.

  xxxxx@xxxxx   2002-03-14

Fix in progress by Dennis.
  xxxxx@xxxxx   2003-10-09
Comments
Submitted On 13-AUG-2002
mdehaan
Perhaps an even better workaround -- just show the certificate is expired, flash up a warning, and allow them to accept it anyway. Expired certificates are *VERY* common on the web. Make the warning as obvious as needed, but the code should run if the user really wants to run the code.


Submitted On 13-AUG-2002
mdehaan
I second this submission. Corporate server-farm environments often restrict updating code except on rare intervals (1 year or more, etc.) and try to fight configuration changes as much as possible. Usually such changes require writing special deployment software, bringing systems down, etc. For this reason, I can't write software for 10 vendors and expect them to grab new jar files for 500 machines each every 1 year and remember when they need to do it.
