@cjwatson Note I went back on that above, and suggested a more clear cut implementation which rejects anything going in for a disabled key. I will strike the first suggestion to avoid misunderstandings.
With that said, I’m hoping we can do better on real expiration of the key, per some exchanges we already had on the topic. Timestamps would indeed be part of it, and we can also introduce a mechanism that lists known signatures at the time of expiration and prevents at least a well defined class of assertions from being accepted if they’re not on that list. This would be a way to prevent stolen keys from being used to sign documents seemingly in the past.