On 3 April 2015 at 22:01, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
  * not every implementation has a wall clock, or has it set right.
    what happens to these machines?


This problem already exists since you need the time to validate the certificate.

Overall though, I'm not in favour of having a set cut-off date except perhaps for ciphers we already know are weak; however, since the idea is to design a new version of TLS, why would things that are known to be weak be included in the first place?

Rich.