Dirauths must support multiple relay identity keys at once
As discussed on [https://blog.torproject.org/blog/openssl-bug-cve-2014-0160], directory authorities must rotate their relay identity keys in order to recover from possible exposure due to the ‘Heartbleed’ bug. (A dirauth's relay identity key could be used by a MITM attacker to feed clients an outdated consensus, for example.)
There are two requirements in order to do this without causing a network meltdown:
- A dirauth must be able to sign relay descriptors using multiple relay identity keys at once.
- A dirauth must be able to operate multiple ORPorts at once, with (possibly) different relay identity keys.