Secure signature time

GPG4win and Kleopatra use local machine time for digital signatures, but those times are not credible. Request that signatures use GMT time retrieved from a secure time server, such as:

to provide irrefutable signature time. Optionally include local time for convenience.

I don’t think that this will happen. OpenPGP is decentralized / offline able by design. Using a signed timestamp would introduce a centralized element and require an online connection. So the signature time is at the discretion of the signer and can be faked.
But the signature timestamp is nowhere used as a security feature AFAIK. It’s just informative.

This is also nothing Gpg4win could change. Including timestamps signed by a third party would need a change to the OpenPGP standard to be interoperable.

Hi Bill,
in addition to what Andre wrote:
OpenPGP already saves the time in UTC, see RFC4880:

3.5. Time Fields

A time field is an unsigned four-octet number containing the number
of seconds elapsed since midnight, 1 January 1970 UTC.

Best Regards,