https://bugs.documentfoundation.org/show_bug.cgi?id=156082
--- Comment #6 from Miklos Vajna <[email protected]> --- > Until we are able to validate the timestamps, properly ignoring them should > be a reasonably easy hack. I'm fine with that, the German d-trust pdf sign service creates the same ETSI.RFC3161 "signature", where I also saw this. Once concern is: when it comes to security, sometimes failing is better than ignoring something to be verified. So if we just ignore the signed timestamp, possibly somebody will consider it a security bug that the timestamp signature is silently not verified. Perhaps the way out is either just implementing the missing feature or a new error result saying "the signature is valid, but the timestamp is not verified". -- You are receiving this mail because: You are the assignee for the bug.
