Hello.
There are several points in the way the Private Relay feature works which are not clear to me.
It's declared that the Ingress proxy knows only the client IP, while the Egress proxy knows only the server name of the DNS request. At the same time, the next slide in the session states that subsequent communication between the client and the Egress server happens through the Ingress server.
The client must share the server name with Egress. How is it guaranteed in this configuration that the Ingress server can't read the server name while it stays in the middle? I assume it's achieved by a TLS-secured connection, which is part of the HTTP/3 protocol. But this position of Ingress in the middle in theory means that Ingress can read the secured traffic between the client and Egress, just the way it works in a MitM attack, because the certificate check on the client side is also controlled by Apple.
Could you please comment on that?
With regards.