[judge2020]

> or every host name seen in SNI

Not going to be possible in a few years or so:

https://news.ycombinator.com/item?id=25344311

[dhaavi]

meh. The outer SNI and the IP address still tell a lot about what you are doing online.

[fiddlerwoaroof]

Also, with things like this, you can just reset connections using HTTPS features you don’t support. It might eventually become painful, but it’ll be fine for the near future. And, if enough enterprise middleboxes do this, the standards will be DOA.