Why You Can’t Trust Network Time

When a domain changes owners the validity periods ensure that after a sensible amount of time the new owner can be sure that the old owner does not hold any active certificates anymore. Now when such a device is powered on again and comes online to receive commands from its owner it first needs to fetch the current time to be able to validate any PKI certificate. This is the same issue as if the device opts to trust an expired certificate directly to establish the current time.

Source: diode.io