Consider adding forward secrecy to onion encryption via ephemeral keys (e.g., using x25519). This might not be important depending on how often servers rotate their keys.