> > > I don't think that performance is a reason to keep > > > the session after a switch because in the most > > > applications the amount of protocol switches is > > > quite small when compared to the total number of > > > requests within one protocol. > > > > A possibly stupid question -- is it possible to send graphics raw and > > text encrypted? > > > > Sure ... make your <img src="..."> URLs in the encrypted pages point at > absolute "http:" (not "https:") URLs of where the images are.
I'm thinking that shipping images raw and text under https might help those who are concerned about performance. Would this open other holes besides the booby-trap I mentioned below? Would shipping the images http open the entire transaction to snooping? > > (This could leave a trap for obscurationists who send confirmation codes > > as images, of course.) > > If you're going to switch from https->http, you are totally wasting your > time messing with https in the first place. It buys you nothing except a > *perception* that you are more secure -- that is not the reality. Am I way out in left field with this idea? -- Joel Rees <[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
