Merge remote-tracking branch 'public/ticket18319'

Nick Mathewson 7 years ago
parent
commit
e52f49aa80
3 changed files with 6 additions and 2 deletions
  1. 4 0
      changes/ticket18319
  2. 1 1
      doc/tor.1.txt
  3. 1 1
      src/or/config.c

+ 4 - 0
changes/ticket18319

@@ -0,0 +1,4 @@
+  o Minor features (directory authority, security):
+    - The default for AuthDirPinKeys is now 1: directory authorities will
+      reject relays where the RSA identity key matches a previously seen
+      value, but the Ed25519 key has changed. Closes ticket 18319.
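
Review bot: The sentence "The default for AuthDirPinKeys is now 1" does not tell authority operators how to keep the earlier behaviour. Because this flips a default that makes authorities start rejecting descriptors after an upgrade, consider adding that setting AuthDirPinKeys 0 restores the previous default.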

+ 1 - 1
doc/tor.1.txt

@@ -2277,7 +2277,7 @@ on the public Tor network.
     publish a descriptor if any other relay has reserved its <Ed25519,RSA>
     identity keypair. In all cases, Tor records every keypair it accepts
     in a journal if it is new, or if it differs from the most recently
-    accepted pinning for one of the keys it contains. (Default: 0)
+    accepted pinning for one of the keys it contains. (Default: 1)
 
 [[AuthDirSharedRandomness]] **AuthDirSharedRandomness** **0**|**1**::
     Authoritative directories only. Switch for the shared random protocol.
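
Review bot: On the changed "(Default: 1)" line, the surrounding text says Tor records keypairs in the journal "in all cases", which reads as including the time when the option was off. It would help to state whether pins journaled under the old default are enforced as soon as an authority upgrades, so operators know what to expect on the first run with pinning enabled.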

+ 1 - 1
src/or/config.c

@@ -212,7 +212,7 @@ static config_var_t option_vars_[] = {
   V(AuthDirInvalidCCs,           CSV,      ""),
   V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
   V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
-  V(AuthDirPinKeys,              BOOL,     "0"),
+  V(AuthDirPinKeys,              BOOL,     "1"),
   V(AuthDirReject,               LINELIST, NULL),
   V(AuthDirRejectCCs,            CSV,      ""),
   OBSOLETE("AuthDirRejectUnlisted"),
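
Review bot: The flipped default at V(AuthDirPinKeys, BOOL, "1") comes with no test change among the three files in this commit. Consider adding a check that default options yield AuthDirPinKeys enabled, and confirming that any test configuration that depended on the old "0" now sets it explicitly.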