Summarize our crypto migration plans in one place
Tor has a bunch of crypto use throughout its design: link encryption (nist-style tls), relay identities (1024-bit rsa, soon to be ed25519), circuit handshakes (ntor, but we still support tap), cell crypto (aes), onion service identities (1024-bit rsa, but soon to be this complicated thing), and probably a few more.
People keep misunderstanding where we are in the crypto migration plan ("omg tor still uses 1024-bit rsa"). It would be nice to have it all written out in one place that we can reference.