If we merge introduction points with HSDirs, we have no option but to
use the same introduction points, regardless how many INTRODUCE2 cells
we get through them, until the new shared-RNG consensus value (24
hours normally, in case nothing bad happens which makes us failback to
disaster protocol for shared-RNG where we use the previous known one).
So if we adopt this, the IPs will have a fixed lifetime of 24 hours,
no less or no more (unless disaster).
On protocol failure, the latest edition of the shared-random proposal has the authorities generate a different, predictable value every 24 hours, based on the most recent successful shared-random value.
This is a mitigation which requires an adversary to occupy new points on the hash ring each day, even in a disaster scenario where those points are predictable slightly further in advance.
Tim