Thank you for your feedback @mickiewicz
I suppose you assume protection by HTTPS
I go much further. HTTPS only secures its communication but not its content. The HAS protocol will use encryption extensively to validate the data exchanged between the parties.
It is important that the HAS server itself cannot access the content of the communications. If that was the case, it could easily modify the exchanged data and lure either the application or the Wallet app (PKSA).
Do you plan to use the Hive chain to hold information about the valid HAS servers?
This is a possible solution, but it is not planned at first.
The system will depend on external certification entities?
No. The protocol was designed not to depend on any external entity and to allow full decentralization. It will work as we are used to with Hive API nodes. We can even imagine integrating HAS as a microservice deployed on each Hive API node.
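The property described in the reply above (a relay server that can neither read nor silently modify what the application and the wallet exchange) can be illustrated as follows. This is an added example, not part of the original comment and not code from the HAS project; AES-256-GCM, the out-of-band shared key, and the names `sealForPeer`, `openFromPeer` and `relay` are assumptions made for the illustration.

```javascript
// Added illustration: function names are hypothetical, and AES-256-GCM with a
// pre-shared key is an assumption, not the HAS specification.
const crypto = require("crypto");

// Sender side: encrypt and authenticate a payload with a key the relay never sees.
function sealForPeer(key, payload) {
  const iv = crypto.randomBytes(12); // fresh nonce for each message
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), "utf8"), cipher.final()]);
  return {
    iv: iv.toString("base64"),
    ct: ct.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Receiver side: returns the payload, or null when the envelope fails authentication.
function openFromPeer(key, env) {
  try {
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(env.iv, "base64"));
    decipher.setAuthTag(Buffer.from(env.tag, "base64"));
    const pt = Buffer.concat([decipher.update(Buffer.from(env.ct, "base64")), decipher.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch (err) {
    return null; // wrong key or envelope changed in transit
  }
}

// Relay model: forwards the envelope, optionally changing one ciphertext byte,
// to exercise the receiver's integrity check.
function relay(env, alter) {
  if (!alter) return { ...env };
  const ct = Buffer.from(env.ct, "base64");
  ct[0] ^= 0x01;
  return { ...env, ct: ct.toString("base64") };
}

// Constructed sample data: the key is shared between application and wallet
// out of band, so the relay only ever handles iv, ct and tag.
const sharedKey = crypto.randomBytes(32);
const request = { account: "alice", op: "sign_challenge", nonce: "constructed-sample" };
const envelope = sealForPeer(sharedKey, request);

console.log(openFromPeer(sharedKey, relay(envelope, false)));
console.log(openFromPeer(sharedKey, relay(envelope, true)));
console.log(openFromPeer(crypto.randomBytes(32), envelope));
```

HTTPS would protect each hop to the relay, but only the shared key held by the two endpoints makes a modified or unreadable envelope detectable at the receiver.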