jarsigner should print more information about the lifetime of a timestamped JAR, which is bounded by the validity period of the TSA. Once the TSA server certificate expires, the timestamp is no longer valid and the JAR will be treated as unsigned (assuming the signer's certificate is also expired). Printing this information would give users a better idea how long the timestamped application will actually work. The information should be emitted when using jarsigner to sign or verify a JAR, and perhaps also when using keytool to print the certificates in a signed JAR. The warnings should be categorized by severity based on how soon the timestamp will expire.