Hansa must be able to download resources securely over HTTPS.
Ability to install server certificates for known providers.
Ability to allow anonymous hosts.
Ability to allow user to approve a newly found server cert via its fingerprint.
Detect and protect against changes in server certificates.
+all that applies to
No point attacking HTTPS until HTTP is solved.