This protocol relies on the names being cryptographically strong and impossible to brute force. If it is possible to easily build a map of all names to their SHA-1 hash then all entries can be determined. Additionally if a client requests data from two different servers then it can see that they have the same entries even if they don't know what those entries are as there is no salting or similar used.
This is not to say that this implementation might not have good places where it can be used but it should carry a clear warning that it only provides protection in very limited circumstances.
This protocol relies on the names being cryptographically strong and impossible to brute force. If it is possible to easily build a map of all names to their SHA-1 hash then all entries can be determined. Additionally if a client requests data from two different servers then it can see that they have the same entries even if they don't know what those entries are as there is no salting or similar used.
This is not to say that this implementation might not have good places where it can be used but it should carry a clear warning that it only provides protection in very limited circumstances.