<Ul> <Li> The user trusts that the browser software correctly implements HTTPS with correctly pre-installed certificate authorities . </Li> <Li> The user trusts the certificate authority to vouch only for legitimate websites . </Li> <Li> The website provides a valid certificate, which means it was signed by a trusted authority . </Li> <Li> The certificate correctly identifies the website (e.g., when the browser visits "https://example.com", the received certificate is properly for "example.com" and not some other entity). </Li> <Li> The user trusts that the protocol's encryption layer (SSL / TLS) is sufficiently secure against eavesdroppers . </Li> </Ul> <Li> The user trusts that the browser software correctly implements HTTPS with correctly pre-installed certificate authorities . </Li> <Li> The user trusts the certificate authority to vouch only for legitimate websites . </Li> <Li> The website provides a valid certificate, which means it was signed by a trusted authority . </Li>

All web traffic is based on the https protocol