Hi Chris, I just did a quick test using Ethereal <http://ethereal.com/>, and it looks like the browser requests the server's certificate, then encrypts the data that it is sending.
Using Firefox 0.9.3 & Internet Explorer 6. Of course, if you're intending to put this into practice somewhere, I'd suggest a bit more testing :) As for your next question, I don't think it's possible to send cleartext over HTTPS at all. (mind you, I'm not the worlds greatest authority on HTTPS, so I might be wrong :p) On Wed, 11 Aug 2004 12:25:13 +1000, Chris Blown <[EMAIL PROTECTED]> wrote: > A discussion popped up here recently, and though its not really specific > to web standards, I still think its worthy of a bit of discussion on the > list. > > If you have a form that is served via standard http with its action set > to a https server, then one assumes that the UA will send an encrypted > post request. Or does it? -- Lindsay Evans http://lindsayevans.com/ ****************************************************** The discussion list for http://webstandardsgroup.org/ Proud presenters of Web Essentials 04 http://we04.com/ Web standards, accessibility, inspiration, knowledge To be held in Sydney, September 30 and October 1, 2004 See http://webstandardsgroup.org/mail/guidelines.cfm for some hints on posting to the list & getting help ******************************************************