tor-spec doesn't say how clients authenticate authorities or fallback directories
In all handshake variants, once all certificates are exchanged, all parties receiving certificates must confirm that the identity key is as expected. (When initiating a connection, the expected identity key is - the one given in the directory; when creating a connection because of an + when no reasonably live consensus is available: the one given in the hard-coded authority or fallback list; + when there is a reasonably live consensus: the one in the directory; when creating a connection because of an EXTEND cell, the expected identity key is the one given in the cell.) If the key is not as expected, the party must close the connection.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information