I observed some inconsistency, if not errors, in the directory server specs [1]: 1. Outline Every authority has a very-secret, long-term "Authority Identity Key". This is stored encrypted and/or offline, and is used to sign "key certificate" documents. Every key certificate contains a medium-term (3-12 months) "authority signing key", that is used by the authority to sign other directory information. 2.1. Router descriptor format "fingerprint" fingerprint NL [At most once] A fingerprint (a HASH_LEN-byte of asn1 encoded public key, encoded in hex, with a single space after every 4 characters) for this router's identity key. A descriptor is considered invalid (and MUST be rejected) if the fingerprint line does not match the public key. "signing-key" NL a public key in PEM format [Exactly once] The OR's long-term identity key. It MUST be 1024 bits. According to the outline, the long-term identity key should be different from the signing key, which changes every 3-12 months. Then why should the signing key become the identity key in the descriptor format, and fingerprint become the hash of the identity key? Cheers, Beck [1] https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=dir-spec.tx...