tor-spec doesn't say how clients authenticate authorities or fallback directories
In all handshake variants, once all certificates are exchanged, all
parties receiving certificates must confirm that the identity key is as
expected. (When initiating a connection, the expected identity key is
- the one given in the directory; when creating a connection because of an
+ when no reasonably live consensus is available: the one given in the hard-coded authority or fallback list;
+ when there is a reasonably live consensus: the one in the directory; when creating a connection because of an
EXTEND cell, the expected identity key is the one given in the cell.) If
the key is not as expected, the party must close the connection.