[xmlsec] Verify signature after certificate expired

[Rich Salz]

> Yes! When you signed it you claimed that you are the college student. 
> When you graduated
> you are not college student anymore and your signature as "college 
> student" is *not* valid.

So you're saying that you believe it is impossible to ever do any after 
the fact audits.  I can never verify that something happened "back then" 
without having a current chain of cross-certified certificates up until 
the present moment.  Suppose the signer dies?  All prior signatures are 
now just ticking clocks, waiting to become invalid?

	/r$