...
The TSA service must be compliant with RFC3161 specification.
The TSA service must use HTTP(S) with
POST
for transportation.The TSA service must support
SHA-256
or stronger hash functions in requestsThe certificate that is used for time-stamping signatures must have the
id-kp-timeStamping
value in the Extended Key UsageExtendedKeyUsage
field.The TSA service must not require the usage of
reqPolicy
field in requests.The TSA service must use at least 2048-bit RSA key and
SHA-256
(or stronger) hash function for response signatures.TSA service must maintain its accuracy within 1 second of UTC.
...