Thank you for your long answer. Very very useful. Almost everything is clear, even to a newbie like me.
-
ok! Got it!
-
The encrypted DNS request to the DNS resolver (Cloudflare, Quad9, etc.) is sent after a three-way handshake with the resolver server itself, which then sends its public key (certificate) to enable the client to encrypt the DNS request? Got it right?
-
Basically the same question as above. Once I have the IP address of the site I want to visit, I initialize a three-way handshake with it (the server of course), then I send the HTTP/URI in an encrypted IP packet. Correct? A reverse proxy (if any) can possibly read a subdomain in the URI to correctly process and address it to the “right way”. I’d like to find a graphic representation of what an IP packet looks like just after a three-way handshake with the server.
Thank you again