o Major features (circuit building, security): - Tor authorities, relays, and clients only use ntor, except for rare cases in the hidden service protocol. - Authorities, relays and clients specifically check that each descriptor has an ntor key. - Clients avoid downloading a descriptor if the relay version is too old to support ntor. - Client code never chooses nodes without ntor keys: they will not be selected during circuit-building, or as guards, or as directory mirrors, or as introduction or rendezvous points. - Circuit-building code assumes that all hops can use ntor, except for rare hidden service protocol cases. o Major bugfixes (circuit building): - Hidden service client to intro point and service to rendezvous point connections use the TAP key supplied by the protocol. Fixes bug 19163; bugfix on 0.2.4.18-rc.