diff --git a/ChangeLog b/ChangeLog index b83e707a96..42b2ff061f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,8 +33,9 @@ Changes in version 0.1.2.2-alpha - 2006-10-?? list if it stays that way for a long time. - Allow directory authorities to be marked separately as authorities for the v1 directory protocol, the v2 directory protocol, and as hidden - service directories. This should make it easier to migrate trust away - from one of the two authorities currently running on Moria. + service directories, to make it easier to retire old authorities. + V1 authorities should set "HSAuthoritativeDir 1" to continue being + hidden service authorities too. - Reserve the nickname "Unnamed" for routers that can't pick a hostname; any router can call itself Unnamed; directory servers will never allocate Unnamed to any particular router; clients won't believe that @@ -60,6 +61,9 @@ Changes in version 0.1.2.2-alpha - 2006-10-?? - Reject (most) attempts to use Tor as a one-hop proxy; if many people start using Tor as a one-hop proxy, exit nodes become a more attractive target for compromise. (Fixes bug 303.) + - Just because your DirPort is open doesn't mean people should be + able to remotely teach you about hidden service descriptors. Now + only accept rendezvous posts if you've got HSAuthoritativeDir set. o Major bugfixes: - Avoiding crashing on race condition in dns.c: diff --git a/doc/TODO b/doc/TODO index 7da1ba9239..9c390b0143 100644 --- a/doc/TODO +++ b/doc/TODO @@ -176,7 +176,7 @@ N - Later, servers will stop generating new descriptors simply - Critical but minor bugs, backport candidates. d - Failed rend desc fetches sometimes don't get retried. True/false? -R - non-v1 authorities should not accept rend descs. + o non-v1 authorities should not accept rend descs. R - support dir 503s better o clients don't log as loudly when they receive them - they don't count toward the 3-strikes rule diff --git a/doc/tor.1.in b/doc/tor.1.in index 1d03ba7d47..c3ad410c5f 100644 
--- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -716,6 +716,11 @@ registered binding. See \fBapproved-routers\fP in the \fBFILES\fP section below. .LP .TP +\fBHSAuthoritativeDir \fR\fB0\fR|\fB1\fR\fP +When this option is set in addition to \fBAuthoritativeDirectory\fP, Tor also +accepts and serves hidden service descriptors. (Default: 0) +.LP +.TP \fBDirPort \fR\fIPORT\fP Advertise the directory service on this port. .LP diff --git a/src/or/config.c b/src/or/config.c index f021fb9c19..8407367ee1 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -172,6 +172,7 @@ static config_var_t _option_vars[] = { VAR("HiddenServiceNodes", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL), VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL), + VAR("HSAuthoritativeDir", BOOL, HSAuthoritativeDir, "0"), VAR("HttpProxy", STRING, HttpProxy, NULL), VAR("HttpProxyAuthenticator",STRING, HttpProxyAuthenticator,NULL), VAR("HttpsProxy", STRING, HttpsProxy, NULL), diff --git a/src/or/directory.c b/src/or/directory.c index 0de573286f..d874e18f5f 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -1433,6 +1433,7 @@ directory_handle_command_get(dir_connection_t *conn, char *headers, size_t dlen; const char *cp; char *url = NULL; + or_options_t *options = get_options(); /* We ignore the body of a GET request. */ (void)body; (void)body_len; 
@@ -1596,25 +1597,15 @@ directory_handle_command_get(dir_connection_t *conn, char *headers, return 0; } - if (!strcmpstart(url,"/tor/rendezvous/") || - !strcmpstart(url,"/tor/rendezvous1/")) { + if (options->HSAuthoritativeDir && + (!strcmpstart(url,"/tor/rendezvous/") || + !strcmpstart(url,"/tor/rendezvous1/"))) { /* rendezvous descriptor fetch */ const char *descp; size_t desc_len; int versioned = !strcmpstart(url,"/tor/rendezvous1/"); const char *query = url+strlen("/tor/rendezvous/")+(versioned?1:0); - if (!authdir_mode(get_options())) { - /* We don't hand out rend descs. In fact, it could be a security - * risk, since rend_cache_lookup_desc() below would provide it - * if we're gone to the site recently, and 404 if we haven't. - * - * Reject. */ - write_http_status_line(conn, 400, "Nonauthoritative directory does not " - "store rendezvous descriptors"); - tor_free(url); - return 0; - } switch (rend_cache_lookup_desc(query, versioned?-1:0, &descp, &desc_len)) { case 1: /* valid */ write_http_response_header(conn, desc_len, "application/octet-stream", @@ -1656,7 +1647,7 @@ directory_handle_command_get(dir_connection_t *conn, char *headers, if (!strcmp(url,"/tor/dir-all-weaselhack") && (conn->_base.addr == 0x7f000001ul) && - authdir_mode(get_options())) { + authdir_mode(options)) { /* XXX until weasel rewrites his scripts XXXX012 */ char *new_directory=NULL; @@ -1694,12 +1685,13 @@ directory_handle_command_post(dir_connection_t *conn, char *headers, char *body, size_t body_len) { char *url = NULL; + or_options_t *options = get_options(); log_debug(LD_DIRSERV,"Received POST command."); conn->_base.state = DIR_CONN_STATE_SERVER_WRITING; - if (!authdir_mode(get_options())) { + if (!authdir_mode(options)) { /* we just provide cached directories; we don't want to * receive anything. */ write_http_status_line(conn, 400, "Nonauthoritative directory does not " 
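Review bot: The rendezvous fetch branch in directory_handle_command_get (the hunk at -1596) is now gated only on `options->HSAuthoritativeDir`, so the protection the removed `authdir_mode()` check gave depends entirely on how the node is configured. The deleted comment explained why that check mattered: on a non-authority, rend_cache_lookup_desc() answers from the local cache and so discloses which hidden services this node has looked up recently. Nothing visible in this commit rejects `HSAuthoritativeDir 1` without `AuthoritativeDirectory 1` (the config.c hunk only adds the VAR entry, and option validation is outside the diff), so I would keep the invariant local with `if (authdir_mode(options) && options->HSAuthoritativeDir &&` and carry a shortened form of the old comment over. The function body starts and ends outside the hunk, so the response a refused fetch now receives cannot be checked from here.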
@@ -1736,7 +1728,8 @@ directory_handle_command_post(dir_connection_t *conn, char *headers,
 goto done;
 }
 
- if (!strcmpstart(url,"/tor/rendezvous/publish")) {
+ if (options->HSAuthoritativeDir &&
+ !strcmpstart(url,"/tor/rendezvous/publish")) {
 /* rendezvous descriptor post */
 if (rend_cache_store(body, body_len) < 0) {
 // char tmp[1024*2+1];
diff --git a/src/or/or.h b/src/or/or.h
index 4fe16012e7..a73b284bd9 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1442,8 +1442,10 @@ typedef struct {
 int DirPort; /**< Port to listen on for directory connections. */
 int AssumeReachable; /**< Whether to publish our descriptor regardless. */
 int AuthoritativeDir; /**< Boolean: is this an authoritative directory? */
- int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory?
+ int V1AuthoritativeDir; /**< Boolean: is this an authoritative directory
 * for version 1 directories? */
+ int HSAuthoritativeDir; /**< Boolean: does this an authoritative directory
+ * handle hidden service requests? */
 int NamingAuthoritativeDir; /**< Boolean: is this an authoritative directory
 * that's willing to bind names? */
 int VersioningAuthoritativeDir; /**< Boolean: is this an authoritative
diff --git a/src/or/router.c b/src/or/router.c
index e43a593c86..b139440f53 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -364,7 +364,7 @@ init_keys(void)
 (uint16_t)options->DirPort, digest,
 options->V1AuthoritativeDir, /* v1 authority */
 1, /* v2 authority */
- options->V1AuthoritativeDir /* hidserv authority */);
+ options->HSAuthoritativeDir /* hidserv authority */);
 }
 return 0; /* success */
 }
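Review bot: In directory_handle_command_post (the hunk at -1736), a `/tor/rendezvous/publish` post to an authority without HSAuthoritativeDir now skips this branch without any trace, and the code that answers it lies past the end of the hunk. A comment above the condition would record the intent, for example `/* Only hidden-service authorities store rendezvous descriptors; others fall through to the generic rejection below. */`, worded to match whatever the fall-through actually returns. The function begins and ends outside the hunk.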
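Review bot: The new field comment in or.h reads "does this an authoritative directory handle hidden service requests?", which has a stray "an"; `/**< Boolean: does this authoritative directory` followed by ` * handle hidden service requests? */` reads correctly. The comment could also say that the flag is only meaningful together with AuthoritativeDir, as the tor.1.in text in this commit states, because the GET path in directory.c tests this field on its own. The struct definition begins and ends outside the hunk.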