Offline directory authorities need a way to post their certificate to other authorities
We have wanted to be able to run (the signing parts of) a directory authority offline for a while, because it's more secure.
So I have been experimenting with an offline (ORPort and DirPort unreachable) directory authority on the test net.
Almost everything works: it posts votes, downloads votes from other authorities, signs consensuses, and posts its signature. It could easily do these things using a 3-hop Tor path.
But once its authority certificate expires, it has no way to post it to the other authorities.
A workaround is to overwrite another authority's cached-certs file with the missing authority certificate file. But this is nasty.
We should make authorities accept certificate posts, and post their certificates to one another.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information