Encrypting SNI

Sushubh

Administrator
[OP]
Oct 29, 2004
417,032
12,940
Gurugram
Updating the status to acknowledge this.

There's work being done to support ESNI in BoringSSL/Chrome, though currently there are a number of things that need to get done before we can launch it. The ESNI spec in the IETF is still undergoing changes and updates, including fairly important robustness changes ( Improve ESNI robustness by davidben · Pull Request #124 · tlswg/draft-ietf-tls-esni ) before we'd feel comfortable with the spec being deployable, DoH support is still being sorted out/rolled out which is critical to get the ESNI records securely, and then we need to get ESNI support into BoringSSL and then Chrome.

We'll probably start having experiments/interop with others in the next quarter or so, and while we are planning/trying to get ESNI fully deployed this year in Chrome, we're prioritizing having a robust protocol for ESNI and then implementation instead of trying to rush it out.

To set expectations, most of our engagement on this topic will continue in the IETF TLS WG. For those curious about support for this feature, engaging in and participating in those highly technical discussions, is the best way to stay current.
Not coming to Chrome for a while.