NETINFO cells are mandatory, but tor-spec says "may"
In this context, "may" is ambiguous: NETINFO is actually a mandatory requirement:
cell (4.5). As soon as it gets the CERTS cell, the initiator knows
whether the responder is correctly authenticated. At this point the
- initiator may send a NETINFO cell if it does not wish to
+ initiator MUST send a NETINFO cell if it does not wish to
authenticate, or a CERTS cell, an AUTHENTICATE cell (4.4), and a NETINFO
cell if it does. When this handshake is in use, the first cell must
be VERSIONS, VPADDING or AUTHORIZE, and no other cell type is allowed to
intervene besides those specified, except for PADDING and VPADDING cells.
https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n482