A recent secure authentication service enforcing revocation in distributed systems is provided. Authenticity entities impose freshness constraints, derived from initial policy assumptions and authentic statements made by trusted intermediaries, in authenticated statements made by intermediaries. If freshness constraints are not presented, authentication is questionable. The freshness constraints can be adjusted. The delay for revocation can be arbitrarily bounded. The freshness constraints within certificates results in a secure and highly available revocation service such that less trust is required of the service.