notaryproject / notation-go

A collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications.

Don't allow signer-provider or verification-provider to override the TSAVerifyOptions.

priteshbandi opened this issue · comments

We don't want signer-provider or verification-provider to override the TSAVerifyOptions because then a user can override this value and start using a non-time-stamping cert (like SSL) for time-stamping.

Also, as per rfc3161#section-2.3:
The corresponding certificate MUST contain only one instance of the extended key usage field extension as defined in [RFC2459] Section 4.2.1.13 with KeyPurposeID having value: id-kp-timeStamping.

I would suggest starting with not exposing TSAVerifyOptions, and then later, if the need arises, we can expose this option with sane defaults.

Originally posted by @priteshbandi in #15 (comment)

Applications can still override TSAVerifyOptions but not the KeyUsages in it.

@iamsamirzon should we take this into the release? I think this will need review in that case.
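The behaviour the issue asks for, as an added example that is not code from notation-go: the caller supplies verification options, but the key usage is pinned to time-stamping and the RFC 3161 section 2.3 requirement quoted in the issue is checked on the leaf. It uses Go's standard `crypto/x509` in place of the library's `TSAVerifyOptions`; `verifyTSACert`, `accepted` and `cases` are hypothetical names, and the certificates are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// verifyTSACert (hypothetical) enforces RFC 3161 section 2.3 on the leaf, then
// verifies it with KeyUsages overwritten so a caller cannot relax them.
func verifyTSACert(leaf *x509.Certificate, opts x509.VerifyOptions) error {
	if len(leaf.UnknownExtKeyUsage) != 0 || len(leaf.ExtKeyUsage) != 1 ||
		leaf.ExtKeyUsage[0] != x509.ExtKeyUsageTimeStamping {
		return fmt.Errorf("EKU %v: want only id-kp-timeStamping", leaf.ExtKeyUsage)
	}
	opts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}
	_, err := leaf.Verify(opts)
	return err
}

// accepted makes a constructed self-signed cert with the given EKUs, trusts it
// as its own root, and verifies it while the caller asks for ExtKeyUsageAny.
func accepted(ekus ...x509.ExtKeyUsage) bool {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), ExtKeyUsage: ekus,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	caller := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	return verifyTSACert(cert, caller) == nil
}

func cases() (tsOnly, tlsOnly, mixed, none bool) {
	return accepted(x509.ExtKeyUsageTimeStamping), accepted(x509.ExtKeyUsageServerAuth),
		accepted(x509.ExtKeyUsageTimeStamping, x509.ExtKeyUsageServerAuth), accepted()
}

func main() { fmt.Println(cases()) }
```

The explicit EKU check is needed in addition to the pinned `KeyUsages`: Go's chain verification treats a certificate with no EKU extension as usable for any purpose, and accepts a certificate that lists time-stamping alongside other purposes.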