Secure RPC tickets, once the initial authentication is established from the client, contains the index (ID) into the server's credential database, and a timestamp encrypted under the conversation key (CK). If an ID and CK can be determined, an imposter can pose as the legitimate user until the usage time expires, based on the window.