Decide what to do about hs descriptor cert expiry etc.
This will probably involve a spec clarification and/or investigation of what C Tor does.
12:41 <+Diziet> nickm: Re descriptor-signing-key-cert validity period.
Obviously every signature needs to have a time-limited validity
period.
12:42 <+Diziet> The outer descriptor is signed by KP_hs_blind_id. Is it enough
that KP_hs_blind_id itself is a key which is only valid for a
particular time period ?
13:07 <+nickm> the outer descriptor is not signed by KP_hs_blind_id; it's
signed by KP_hs_desc_sign, which is in turn signed by
KP_hs_blind_id
13:07 <+Diziet> I think maybe we want a ticket for this question.
13:08 <+nickm> no objection; maybe it is the same ticket as the related
question about the status of the certificates in the inner
document. Maybe not.