Hacker News

But anyone who can get this signed message can also get the session token?

Or are the rules of the game this has to work over an unencrypted channel? In which case you need two keys and you do DH.



I assumed the "time is now" was meant to prevent replays. But yes, it's great if you can establish a secure channel first with a session key generated based on randomness provided by both client and server and then, once the session is up, send a signature of the session key, signed by your long-term key. No timestamp needed, then (I think). (Insert obligatory reminder not to roll your own crypto.)

But this is beside the point. You still have the problem that you are signing a thing, and if the signing key isn't restricted to signing only this type of thing, there is a risk that the thing you are signing could have a different meaning when interpreted as a different type. Even if the client fully controls the content of the thing to be signed, this is still possible. Perhaps you can dismiss it as "unlikely", but I'm not sure I'm comfortable doing so.
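The usual mitigation for the cross-type concern raised above is domain separation, shown here as an added Go example (not code from either commenter): the long-term key only ever signs a length-prefixed (tag, message) encoding, so a signature over the session key cannot be reinterpreted as a signature over some other type, and the session key itself mixes client- and server-supplied randomness. The tag strings and function names are assumptions for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Context tag (assumed name): every purpose the long-term key serves gets its
// own tag, so bytes signed for one purpose never verify under another.
const TagSessionAuth = "example-session-auth-v1"

// lenPrefixed returns a 4-byte big-endian length followed by b.
func lenPrefixed(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// SigningInput binds tag and msg unambiguously; the length prefixes stop
// one (tag, msg) pair from colliding with another by shifting the boundary.
func SigningInput(tag string, msg []byte) []byte {
	return append(lenPrefixed([]byte(tag)), lenPrefixed(msg)...)
}

// SignInContext signs msg with the long-term key, bound to its context tag.
func SignInContext(priv ed25519.PrivateKey, tag string, msg []byte) []byte {
	return ed25519.Sign(priv, SigningInput(tag, msg))
}

// VerifyInContext accepts only signatures produced under the same tag.
func VerifyInContext(pub ed25519.PublicKey, tag string, msg, sig []byte) bool {
	return ed25519.Verify(pub, SigningInput(tag, msg), sig)
}

// SessionKey mixes client- and server-supplied randomness, so a signature
// over it is bound to this session and cannot be replayed into another.
func SessionKey(clientNonce, serverNonce []byte) []byte {
	both := append(lenPrefixed(clientNonce), serverNonce...)
	sum := sha256.Sum256(SigningInput("example-session-key-v1", both))
	return sum[:]
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	key := SessionKey([]byte("client-nonce"), []byte("server-nonce"))
	sig := SignInContext(priv, TagSessionAuth, key)
	fmt.Println(VerifyInContext(pub, TagSessionAuth, key, sig), VerifyInContext(pub, "example-document-sign-v1", key, sig))
}
```

Running it prints `true false`: the same signature bytes are accepted under the session-auth tag and rejected when a verifier interprets them under any other tag.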




