Timestamps in HMAC authentication

Updated: 2023-12-04 21:14:46

The issue is that without a timestamp any signed message is valid forever. If an attacker managed to capture a message they could replay it infinitely even without compromising your secret used to sign the message.

If you add a timestamp then a message will expire after a short time and prevent this. You would choose how long to honor timestamps for in the server application. When you do, remember to consider "future" time, because the client's clock might be slightly ahead of yours and appear in the future to your application.