Is it possible to use the Session ID in the Client Hello, which is obsoleted in TLS 1.3, to transfer an encrypted SNI? If it looks random enough, an attacker couldn't distinguish whether the Session ID is an encrypted SNI or not.
It may have some restrictions; for example, the SNI maybe couldn't be longer than the Session ID (32 bytes).
Another option is to use TLS 1.3's PSK. It may break the limit of 32 bytes when using Session ID and be able to transfer the whole Encrypted Client Hello, but it may be more distinguishable compared with using Session ID.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls