Should relays use begindir or naked dirport connections?
In #4115 it was noted that bridges were using naked dirport connections. That was clearly a bug, and has been fixed.
But it is less clear what public relays should do.
In favor: encrypting dir fetches improves their resistance to tampering on the wire, including tampering of unauthenticated stuff like the X-Your-Address-Is and Date HTTP headers.
Against: it increases the load they place on the authorities, both in terms of CPU (all those bonus TLS handshakes) and sockets (since TLS connections are held open for a while).