[snek]

If you're about to comment on how dumb this is because SNI isn't encrypted please halt and search "ESNI"

[gsich]

Draft only. OpenSSL doesn't support it - because it's still a draft. So as of now, ESNI does not provide anything.

[snek]

It is moving forward, albeit slowly. With or without DoH/DoT, non encrypted SNI is a problem, and DoH/DoT have privacy improvements in their own right.

[gsich]

"moving forward" doesn't help anyone. Standards and more importantly, implementations count.

In every DoH/DoT discussion there is someone who mentions ESNI, but without major level support this is a vague promise. Of course DNS encryption is still useful even without ESNI.