Allow tor hidden services to delegate to operational public keys
The public key for a tor hidden service should be able to sign/delegate to a lower security "operational" key that actually executes all the ongoing protocol operations for that hidden service.
That way, you can air gap your hidden service key, and not lose your .onion address if/when a hidden server is compromised.