!!! Overview
[{$pagename}] ([ENSI]) is an [Internet Draft] titled "Encrypted Server Name Indication for [TLS 1.3]" 

[{$pagename}] is a method to provide [Encryption] for [Server Name Indication] ([SNI])


[TLS 1.3] [RFC 8446] encrypts most of the handshake, including the server [certificate], there are several other channels that allow an on-path attacker to determine the [DNS Domain] the [client] is trying to connect to, including:
* [Cleartext] client [DNS] queries.
* Visible server [IP Address]es, assuming the the server is not doing domain-based virtual hosting.
* [Cleartext] [{$pagename}] ([SNI]) [RFC 6066] in [ClientHello] messages.

[Issues and Requirements for SNI Encryption in TLS] [Internet Draft] describes the general problem of encrypting the [Server Name Indication] ([SNI]) [TLS] parameter.  The proposed solutions hide a Hidden Service behind a fronting service, only disclosing the SNI of the fronting service to external observers.  The draft lists known [attacks] against [SNI] encryption, discusses the current "co-tenancy fronting" solution, and presents requirements for future [TLS] layer solutions.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Encrypted Server Name Indication for TLS 1.3|https://datatracker.ietf.org/doc/draft-ietf-tls-esni/|target='_blank'] - based on information obtained 2020-01-11 
* [#2] - [Encrypt it or lose it: how encrypted SNI works|https://blog.cloudflare.com/encrypted-sni/|target='_blank'] - based on information obtained 2020-01-11