Verifier assumes the timestamp hash algorithm is SHA256 but this is not necessarily the case.

trailofbits/rfc3161-client#144 should make it fairly easy to verify using the correct hash algorithm.

See also #1372