Hi DeathAndTaxes,

I like the idea that in the event the bond has expired -- ie: the wall time is past the ValidTo date on the certificate, it could be automatically returned to another address -- however this would need to be done in the claim script when first generating transaction reference in the certificate.

I want to extend this to directly interact with bitcoin-like clients, it could construct the claim script for the transaction so that there is a time dependent claimable output -- not sure how to do this at the moment.

One possibility is something like the difficulty hash function; although the medium term validity life of a certificate makes it hard to predict a future difficulty value.
The other issue with this approach is it is likely more economical to mine the network directly; there is less incentive for a PKI CA to be crunching away for 3 years just so the output can be returned.

Very open to suggestions on this. The network offers a reasonably accurate distributed consensus of wall clock time; is there a realistic possibility that the script alphabet could be extended to include date time functionality? Is this a good idea to do this?

Another  idea could be a revocation key; similar to how GPG works. However the issue there is that practically, if you have lost the private key to your funds, you are likely to have lost access to the revocation key! 

My paper also makes the same argument regarding attacker likely to steal the funds -- it is hoped by making the private keys more valuable (because they dont just represent medium term auth keys; they also represent proof of ownership of funds); people will protect them better. Or likely steal them and the world will be able to know.