BridgeDB should hand out identity fingerprints
Once we deprecate Vidalia fully and switch to Tor Launcher, nothing should be in the way of handing out identity hex keys for bridges. Well, nothing except #9445 (moved) (which if it comes down to it, I can fix quickly myself).
It is important to hand out these fingerprints because it mitigates path bias/route capture attacks. Without the identity fingerprint, a firewall could potentially MITM the bridge connection for purposes of unwrapping TLS, in order to see the Tor cell headers and bitstomp/tag cells to control circuit destinations and deanonymize users. We have detectors for these attacks in place, but they can't be enforced yet because of the highly variable rate of CPU overload/circuit failure on the network. Other solutions to bitstomping (like wide-block ciphers) will also mitigate these attacks, but they are a long way off.
With the identity fingerprint, the TLS links will be authenticated (our TLS connections use the identity key to sign a short-lived TLS link key).
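The check the ticket relies on, as an added illustration that is not Tor's or BridgeDB's own code: the client receives a bridge line carrying an identity fingerprint, pins it, and then accepts a link only if the identity key presented on the link hashes to that fingerprint and that key really signed the short-lived link key. Everything here is a stand-in: Ed25519 is used for both keys and the fingerprint is the hex SHA-1 of the raw public key, which is not the real Tor key type or fingerprint encoding; the `Bridge 203.0.113.5:443 <fingerprint>` line format, the `LinkHandshake` structure and all names are assumptions for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Fingerprint returns the upper-case hex SHA-1 of the identity public key.
// Assumption: stand-in for the real Tor fingerprint (key type and encoding differ).
func Fingerprint(identityPub ed25519.PublicKey) string {
	sum := sha1.Sum(identityPub)
	return strings.ToUpper(hex.EncodeToString(sum[:]))
}

// LinkHandshake is what the bridge presents when a link is opened: its long-term
// identity key, a fresh short-lived link key, and the identity key's signature
// over that link key (hypothetical structure for this example).
type LinkHandshake struct {
	IdentityPub ed25519.PublicKey
	LinkPub     ed25519.PublicKey
	Sig         []byte
}

// Bridge holds the long-term identity key of a constructed bridge.
type Bridge struct {
	identityPriv ed25519.PrivateKey
}

// NewBridge mints a fresh identity key.
func NewBridge() (*Bridge, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Bridge{identityPriv: priv}, nil
}

// NewLink mints a short-lived link key and signs it with the identity key.
func (b *Bridge) NewLink() (LinkHandshake, error) {
	linkPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return LinkHandshake{}, err
	}
	return LinkHandshake{
		IdentityPub: b.identityPriv.Public().(ed25519.PublicKey),
		LinkPub:     linkPub,
		Sig:         ed25519.Sign(b.identityPriv, linkPub),
	}, nil
}

// VerifyLink is the client side. The bridge line from BridgeDB supplied the
// expected fingerprint; the link is accepted only if (1) the presented identity
// key hashes to it and (2) that identity key signed the link key. A box on the
// path that terminates TLS itself cannot satisfy both, so the link is refused.
func VerifyLink(expectedFP string, h LinkHandshake) error {
	if len(h.IdentityPub) != ed25519.PublicKeySize {
		return errors.New("bad identity key length")
	}
	if !strings.EqualFold(Fingerprint(h.IdentityPub), expectedFP) {
		return errors.New("identity fingerprint mismatch: link not authenticated")
	}
	if !ed25519.Verify(h.IdentityPub, h.LinkPub, h.Sig) {
		return errors.New("link key not signed by pinned identity: link not authenticated")
	}
	return nil
}

// ParseBridgeLine reads "Bridge <addr:port> <40 hex chars>" (assumed format)
// and rejects lines that omit or mangle the fingerprint.
func ParseBridgeLine(line string) (addr, fp string, err error) {
	fields := strings.Fields(line)
	if len(fields) != 3 || fields[0] != "Bridge" {
		return "", "", errors.New("malformed bridge line (address and fingerprint required)")
	}
	fp = fields[2]
	if len(fp) != 40 {
		return "", "", errors.New("fingerprint must be 40 hex characters")
	}
	if _, err := hex.DecodeString(fp); err != nil {
		return "", "", errors.New("fingerprint is not hex")
	}
	return fields[1], strings.ToUpper(fp), nil
}

func main() {
	b, _ := NewBridge()
	h, _ := b.NewLink()
	line := "Bridge 203.0.113.5:443 " + Fingerprint(h.IdentityPub) // constructed bridge line
	_, fp, _ := ParseBridgeLine(line)
	fmt.Println("pinned link ok:", VerifyLink(fp, h) == nil)
	other, _ := NewBridge()
	oh, _ := other.NewLink()
	fmt.Println("foreign identity rejected:", VerifyLink(fp, oh) != nil)
}
```

The two failure cases matter separately: a different identity key fails the fingerprint check, and the pinned identity key paired with a link key it never signed fails the signature check; without the fingerprint in the bridge line the first check has nothing to compare against, which is the gap the ticket describes.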