On Aug 13 2008, Theodore Hong wrote: >An explicit list of the keys in the store does provide extra value for >the attacker over having an oracle that says whether or not a given >key is in the store. The attacker can use it to view the entire >plaintext contents of the store. It's the same as the difference >between 'r' and 'x' permission on a directory.
That would only be possible with the decryption half of the key, which the node doesn't usually have - AFAIK we're talking about whether the routing half of the key should be stored. Cheers, Michael
