The date looked harmless.
Just a field. A little boundary buried in the schema, the kind of thing people call hygiene when they don’t want to admit it can run a whole program from the shadows. On Sign, that boundary is real: schemas can set maxValidFor, and attestations carry their own validUntil; 0 can mean no expiration at all. In other words, freshness is not some vague downstream preference. It is designed into the evidence layer itself.
What bothered me was not revocation drama. Nothing that clean.
It was older claims that still had a pulse.
I kept looking at one credential in a benefits flow and trying to decide whether I was being paranoid. The record was not dead. Not revoked. Not expired. Still structurally fine. Still the sort of thing another system could read without flinching. But it had that stale feeling some records get before the status tag catches up. Old enough to make you uncomfortable. Not old enough to stop the machine.
And that gray zone feels very Sign-native to me.
Because once validity windows sit at the schema layer, the institution is no longer just defining what a claim says. It is deciding how long that claim gets to keep participating in reality. On Sign, The attestation can remain technically valid because the timer says so, even while the human context around it has already gone soft.
So the hard question is not whether the credential still verifies.
It’s who gets to admit that “still valid” and “still safe to govern outcomes” stopped being the same thing a while ago.