Reducing an overload if certificates changed.
Tor (caches) should not delete the old certificates as soon as a new received. In the current version the difference between the time of publications are usually more than 48 hours, except a rare cases.
Client must request a certificates by signing key digest not identity, if a digest (from consensus) known and client wish to obtain it exactly. (If this does not entail additional risks)
Client can trust a signature, for some a short period after certificate expired. This will reduce the risk of failure if the resulting consensus signed multiple keys, certificates that expired at the same time. Perhaps, authority directory also could continue this time to sign the consensus look for warning the owner.
[Automatically added by flyspray2trac: Operating System: All]