[BUG] Strange behavior when processing timestamp OCSP revocations embedded in DSS dictionary

Hi,

I would like to comment on a possible bug in the application (or know the logic behind it if it wasn't).

First of all, I am using W11 x64 version 2023.006.20360.

In short, I have a PDF with no legal value (TEST) whose standard is PAdES B-LT and, while for the signature the LTV is maintained.. for the timestamp, Adobe prefers to get the pertient revocations online.

This behavior doesn't always happen; Adobe will read the OCSP response embedded in the DSS for the timestamp as long as the NextUpdate is after the current date.

Once the NextUpdate happens, Adobe will mark the revocation as expired (which is totally uncertain, as at the signing time the revocation was fully acceptable, consistent and valid).

If I upload the PDF to europa/dss, I can see that those OCSP revocations that Adobe no longer wants are still fully valid and usable.

If I upload the PDF to ETSI Conformance Checker, I can see that my PDF is not malformed and is consistent to the ETSI EN 319 142-1 standard.

I'm not sure if anyone will answer me, but I won't lose anything by trying 😉

If anyone needs a PDF as an example or reference, please reply to me in this thread and I will be happy to provide it.

Regards, Juanje.