Bob,
I think we've had this discussion earlier, but your random
number source is a new twist. Nonetheless, I think that use of a
third party providing a timestamp notary facility is the best bet,
establishing the time at which a message (or other data) is
"registered" with this neutral party. Provisions for preventing the
timestamp notary from rolling back the clock have been proposed, so
the trust in this entity is limited. I think the result is better
than a "could not have been signed before" guarantee, in that it
more precisely pinpoints the registration time. Admittedly, that
is not the same as having the user include such info at the source,
but iI'm not sure that a "not before" indication will suffice in
many instances anyway.
Steve