
Fair. I considered explaining that exception, but decided it was simpler not to. Of course someone is going to call me on it.

Arguably server_name isn't part of making sure who is who: the protocol doesn't care what you put in there; it's just that you can reasonably expect that if you say you wanted to talk to Charlie then you shouldn't be surprised if you get Charlie instead of Bob.

Eventually, in eSNI, the server_name will only be a bluff: since it's in plaintext and we'd rather not tell eavesdroppers who we're talking to, it will just have some generic masking name, e.g. it might say some.cloudflare-server.example, and then an encrypted record would reveal which actual Cloudflare server you wanted only to Cloudflare, who are answering the connection.

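As an added example (not from the comment above or from any project's code), this builds a minimal ClientHello and shows what a passive observer can read from the plaintext server_name extension, both for a classic hello and for one that carries only a cover name plus an opaque extension standing in for the encrypted record. The encrypted-name extension codepoint, the ciphertext bytes and the zeroed random are constructed placeholders; the real ESNI/ECH wire format is not modelled.

```python
import struct

# Extension codepoint for server_name (TLS IANA registry).
EXT_SERVER_NAME = 0x0000
# Assumed placeholder codepoint standing in for the encrypted-name extension;
# the real ESNI/ECH wire format and its HPKE/AEAD payload are not modelled.
EXT_ENCRYPTED_NAME = 0xffff

def sni_extension(hostname: str) -> bytes:
    """server_name extension: a ServerNameList with one host_name entry."""
    name = hostname.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name        # name_type=0 (host_name)
    body = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", EXT_SERVER_NAME, len(body)) + body

def opaque_extension(ext_type: int, payload: bytes) -> bytes:
    """Any other extension; here it carries the (already encrypted) real name."""
    return struct.pack("!HH", ext_type, len(payload)) + payload

def build_client_hello(extensions: bytes) -> bytes:
    """Minimal ClientHello record (constructed: zero random, one cipher suite)."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"                   # version, random, no session id
            + struct.pack("!H", 2) + b"\x13\x01" + b"\x01\x00"  # one suite, null compression
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def observed_server_name(record: bytes):
    """Return the host_name an on-path observer reads from the plaintext SNI, or None."""
    p = 5 + 4 + 2 + 32                                  # record + handshake headers, version, random
    p += 1 + record[p]                                  # session id
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]    # cipher suites
    p += 1 + record[p]                                  # compression methods
    end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", record[p:p + 4])
        data, p = record[p + 4:p + 4 + elen], p + 4 + elen
        if etype == EXT_SERVER_NAME and data[2] == 0:
            name_len = struct.unpack("!H", data[3:5])[0]
            return data[5:5 + name_len].decode("ascii")
    return None

# Constructed bytes standing in for the encrypted record that only the fronting
# provider can open; the real destination name is not recoverable from them.
ENCRYPTED_RECORD = bytes.fromhex("c0ffee00deadbeef")

def classic_hello(real_name: str) -> bytes:
    return build_client_hello(sni_extension(real_name))

def masked_hello(cover_name: str) -> bytes:
    return build_client_hello(sni_extension(cover_name)
                              + opaque_extension(EXT_ENCRYPTED_NAME, ENCRYPTED_RECORD))
```

With the classic hello the observer reads the real name; with the masked hello `observed_server_name` only yields the cover name, and the real name does not appear anywhere in the record bytes.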