Rend-spec isn't clear about role of first layer of descriptor encryption
In [HS-DESC-FIRST-LAYER] of rend-spec-v3.txt it says:
The first layer of HS descriptor encryption is designed to protect
descriptor confidentiality against entities who don't know the blinded
public key of the hidden service.
However the HSDir does know the blinded public key, as that's part of the descriptor-signing-key-cert described in [DESC-OUTER]. Should the above quote instead be "...against entities who don't know the public identity master key of the hidden service"
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information