Rend-spec isn't clear about role of first layer of descriptor encryption
In [HS-DESC-FIRST-LAYER] of rend-spec-v3.txt it says:
The first layer of HS descriptor encryption is designed to protect
descriptor confidentiality against entities who don't know the blinded
public key of the hidden service.
However, the HSDir does know the blinded public key, as that's part of the descriptor-signing-key-cert described in [DESC-OUTER]. Should the above quote instead be "...against entities who don't know the public identity master key of the hidden service"?