
I am not happy with the design of ESNI, as in its current form it is not straightforward to implement: it relies on DNS hackery. I would rather that the outer tunnel be encrypted using a cert for the IP address, and the inner tunnel as before using the cert for the domain. This is analogous to how EAP works, with an outer and an inner identity.


The only reason ESNI is even usable now is because it's with a CDN: one key works for hundreds of thousands of websites. Having to request a different key for every website would be far too much hassle. It's a shame that whenever folks write about encrypted SNI they never offer the user perspective of SNI, which is that the SNI extension prioritises cost savings for websites and increased business for CDNs over privacy for users. SNI was never something users needed. It may have solved a problem for websites who didn't want to pay for dedicated SSL certs (arguably, this has since been better solved by Let's Encrypt), and created a business opportunity for CDNs, but it has created a new problem for users.
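
An added example, not part of this thread or of any ESNI implementation, showing the privacy point both comments turn on: with plaintext SNI the hostname is readable by anyone on the path, while an ESNI-style extension leaves only an opaque blob. The ClientHello bytes are constructed here (cipher suite, zeroed random and other fields are minimal assumptions), the ESNI payload is a stand-in for real ciphertext, and the draft codepoint 0xffce is used only as a label for that extension.

```python
import struct

SERVER_NAME_EXT = 0x0000  # server_name extension (RFC 6066)
ESNI_DRAFT_EXT = 0xffce   # codepoint used by the ESNI drafts (draft-ietf-tls-esni)


def build_client_hello(hostname, encrypted=False):
    """Return a minimal TLS ClientHello record (constructed sample, not a capture).

    With encrypted=False the hostname goes into a plaintext server_name extension.
    With encrypted=True it is replaced by an opaque stand-in blob under the ESNI
    draft codepoint; a real ESNI extension also carries a key share, cipher suite
    and record digest, which are not modelled here.
    """
    if encrypted:
        blob = b"\x5a" * 32  # placeholder for ESNI ciphertext (assumption, not real output)
        ext = struct.pack("!HH", ESNI_DRAFT_EXT, len(blob)) + blob
    else:
        host = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type = host_name
        name_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", SERVER_NAME_EXT, len(name_list)) + name_list
    body = (
        b"\x03\x03"             # legacy_version = TLS 1.2
        + bytes(32)             # random (zeroed for the example)
        + b"\x00"               # session_id length 0
        + b"\x00\x02\x13\x01"   # one cipher suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"           # one compression method: null
        + struct.pack("!H", len(ext)) + ext
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # client_hello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _extensions(record):
    """Yield (type, data) for each extension in a ClientHello record; stop on malformed input."""
    try:
        if record[0] != 0x16:
            return
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) != rec_len or hs[0] != 0x01:
            return
        pos = 4 + 2 + 32                                      # handshake header, version, random
        pos += 1 + hs[pos]                                    # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]    # cipher_suites
        pos += 1 + hs[pos]                                    # compression_methods
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if pos + elen > end:
                return
            yield etype, hs[pos:pos + elen]
            pos += elen
    except (IndexError, struct.error):
        return


def extract_sni(record):
    """Hostname a passive observer can read from the ClientHello, or None."""
    for etype, data in _extensions(record):
        if etype != SERVER_NAME_EXT:
            continue
        pos = 2  # skip server_name_list length
        while pos + 3 <= len(data):
            name_type = data[pos]
            name_len = struct.unpack("!H", data[pos + 1:pos + 3])[0]
            if name_type == 0:
                return data[pos + 3:pos + 3 + name_len].decode("ascii", "replace")
            pos += 3 + name_len
    return None


def extension_types(record):
    """Extension codepoints visible on the wire (what a middlebox can still fingerprint)."""
    return [etype for etype, _ in _extensions(record)]


if __name__ == "__main__":
    plain = build_client_hello("example.com")
    hidden = build_client_hello("example.com", encrypted=True)
    print("plaintext SNI ->", extract_sni(plain))    # example.com
    print("ESNI-style    ->", extract_sni(hidden))   # None
    print("extensions    ->", [hex(t) for t in extension_types(hidden)])
```

Note that even with the name hidden, the extension codepoint and the destination IP remain visible, which is why ESNI in practice only hides a site among the many others served from the same CDN address space; the parser also refuses truncated or non-handshake records rather than guessing.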



