
How Onion Services work? A gentle but deeper explanation

Description

We need something that goes beyond How do Onion Services work? and that also covers advanced topics, but is not as technical as the specs.

Something in-between, but covering most, if not all, aspects of Onion Services communication technology.

This is part of Tor's mission for "furthering their scientific and popular understanding" of "free and open source anonymity and privacy technologies" (source).

Tasks

  • Write an introduction: how Onion Services work? A gentle but deeper explanation, including:
    • Document the descriptor directory cache (HSDir, sometimes called "hashring" or even "DHT"), including:
      • What? Why? How?
      • In which sense is it a DHT?
      • How descriptors are stored and indexed (hs_cache_dir_descriptor_t struct on C Tor): the key is the blinded signing pubkey, and an upload is only stored if it verifies under that key, so there is no way for impersonators to overwrite descriptors with bogus content.
    • Document a bit more about its security properties and benefits, including:
      • Expand more on the security properties that make Onion Services, unlike DNS-based names, safe from attacks such as address hijack or seizure, as long as the service keys are protected.
    • Document why the secret keys should be expanded.
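The two points above (descriptors indexed by the blinded signing key, and why the secret key has to be kept in expanded form) can be shown end to end with a small model. The example below is added here and is not code from Tor or from this issue: it carries a toy pure-Python Ed25519 (the RFC 8032 reference shape in affine coordinates, slow and not constant-time), derives a blinded key pair for a time period, and files a descriptor in a cache keyed by the blinded public key. The blinding-factor derivation only follows the shape of rend-spec-v3 A.2 (SHA3-256 over a domain string, the identity public key and the time period) and omits the spec's basepoint string and optional secret, so it is an assumption and not byte-compatible with C Tor; the descriptor is signed directly with the blinded key, whereas real Tor signs it with a separate descriptor-signing key certified by the blinded key. The names blinding_factor, blind_keypair, HSDirCache and demo, the time period numbers and the descriptor bodies are all constructed for this example. The blinded secret scalar a' = h * a mod l has no 32-byte seed that hashes to it, which is exactly why signing code must accept the expanded (scalar, prefix) form rather than a seed.

```python
import hashlib
# Toy pure-Python Ed25519 (RFC 8032 reference shape, affine coordinates). Illustration only.
p = 2**255 - 19
l = 2**252 + 27742317777372353535851937790883648493
d = (-121665 * pow(121666, p - 2, p)) % p
I = pow(2, (p - 1) // 4, p)
H = lambda m: hashlib.sha512(m).digest()
inv = lambda x: pow(x, p - 2, p)

def xrecover(y):
    xx = (y * y - 1) * inv(d * y * y + 1)
    x = pow(xx, (p + 3) // 8, p)
    x = x if (x * x - xx) % p == 0 else (x * I) % p
    return p - x if x & 1 else x

B = (xrecover(4 * inv(5) % p), 4 * inv(5) % p)  # basepoint

def edwards_add(P, Q):
    (x1, y1), (x2, y2), t = P, Q, d * P[0] * Q[0] * P[1] * Q[1]
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % p, (y1 * y2 + x1 * x2) * inv(1 - t) % p)

def scalarmult(P, e):
    Q = (0, 1)  # neutral element; left-to-right double-and-add
    for bit in bin(e)[2:]:
        Q = edwards_add(Q, Q)
        Q = edwards_add(Q, P) if bit == "1" else Q
    return Q

def encodepoint(P):
    return (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")

def decodepoint(s):
    v = int.from_bytes(s, "little")
    y = v & ((1 << 255) - 1)
    x = xrecover(y)
    x = p - x if (x & 1) != (v >> 255) else x
    if (-x * x + y * y - 1 - d * x * x * y * y) % p: raise ValueError("not on curve")
    return (x, y)

def expand(seed):
    """32-byte seed -> (clamped scalar a, 32-byte prefix): the expanded secret key."""
    h = H(seed)
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:]

def sign_expanded(a, prefix, msg):
    """Sign with an expanded key: needs only (a, prefix), never a seed."""
    A = encodepoint(scalarmult(B, a))
    r = int.from_bytes(H(prefix + msg), "little") % l
    R = encodepoint(scalarmult(B, r))
    k = int.from_bytes(H(R + A + msg), "little") % l
    return R + ((r + k * a) % l).to_bytes(32, "little")

def verify(A_bytes, msg, sig):
    S = int.from_bytes(sig[32:], "little")
    if len(sig) != 64 or S >= l:
        return False
    try:
        R, A = decodepoint(sig[:32]), decodepoint(A_bytes)
    except ValueError:
        return False
    k = int.from_bytes(H(sig[:32] + A_bytes + msg), "little") % l
    return scalarmult(B, S) == edwards_add(R, scalarmult(A, k))

def blinding_factor(A_bytes, period_num, period_len):
    """Assumed, simplified shape of rend-spec-v3 A.2; omits the basepoint string and the
    optional secret, so NOT byte-compatible with C Tor. Clamped like a secret scalar."""
    n = b"key-blind" + period_num.to_bytes(8, "big") + period_len.to_bytes(8, "big")
    h = bytearray(hashlib.sha3_256(b"Derive temporary signing key\x00" + A_bytes + n).digest())
    h[0] &= 248; h[31] = (h[31] & 63) | 64
    return int.from_bytes(h, "little")

def blind_keypair(a, prefix, A_bytes, period_num, period_len):
    h = blinding_factor(A_bytes, period_num, period_len)
    A_blind = encodepoint(scalarmult(decodepoint(A_bytes), h))  # anyone with A can compute this
    a_blind = (h * a) % l  # only the key holder can; this scalar has no seed preimage
    prefix_blind = H(b"Derive temporary signing key hash input" + prefix)[:32]
    return A_blind, a_blind, prefix_blind

class HSDirCache:
    """Descriptors keyed by blinded pubkey; an upload is kept only if it verifies under that key."""
    def __init__(self):
        self.store = {}
    def upload(self, blinded_pub, descriptor, sig):
        if not verify(blinded_pub, descriptor, sig):
            return False
        self.store[blinded_pub] = descriptor
        return True

def demo():
    # Constructed inputs: a demo identity seed, time period 19876 of 1440 minutes, toy descriptors.
    a, prefix = expand(hashlib.sha256(b"constructed demo identity seed").digest())
    A_blind, a_blind, prefix_blind = blind_keypair(a, prefix, encodepoint(scalarmult(B, a)), 19876, 1440)
    cache, desc = HSDirCache(), b"hs-descriptor 3\nrevision-counter 1\n(constructed body)\n"
    ok_owner = cache.upload(A_blind, desc, sign_expanded(a_blind, prefix_blind, desc))
    # An impostor knows A_blind (it is public) but not a_blind, so it can only sign with its own key.
    a2, p2 = expand(hashlib.sha256(b"constructed impostor seed").digest())
    bogus = b"hs-descriptor 3\nrevision-counter 2\n(bogus introduction points)\n"
    ok_impostor = cache.upload(A_blind, bogus, sign_expanded(a2, p2, bogus))
    return ok_owner, ok_impostor, cache.store.get(A_blind) == desc
```

Running demo() returns (True, False, True): the owner's upload is stored, the impostor's upload under the same blinded key is rejected, and the cache still serves the genuine descriptor. A real HSDir additionally checks the descriptor's revision counter and lifetime and the certificate chain from the blinded key to the descriptor-signing key, none of which this model includes.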
Edited by Silvio Rhatto