Sorry, there seems to have been a misunderstanding; I completely agree with you. I thought you were asking "Why bother using sessions keys, rather than encrypt the whole message using RSA?". My bad.
You got downvoted, and maybe I've misinterpreted the thread, but my perception was:
* Parent commenter thinks messages should just use RSA, and not RSA+AES.
* You try to explain why he should use RSA+AES instead of RSA.
* He tries to post an analysis of why to use RSA-only.
Can I just step in to say: (a) using RSA only is way slower, like you said, and (b) it is significantly harder to make bulk RSA encryption secure than it is to make bulk AES encryption secure, just like you said?
