IMO they should split it.
They should offer (but not require you to accept) a unique signed client certificate to every registered voter. If you accept it, you can vote online exactly once in any election using that signed certificate. The deadline for online voting should be midnight BEFORE election day, but you should be able to check online to confirm how your vote was cast after the deadline. As long as you can check back later to make sure your vote didn't get lost/changed, and the software is open and strictly regulated and inspected to ensure that what you see is what's getting counted, I would trust that more than paper. The certificates can be set to expire automatically in a few years to force you to re-confirm that you're still alive, that you still live at the same address, etc.
For anyone who doesn't want to use the certificate, who loses it, or has it stolen (which you would notice immediately when you try to cast your vote online and it tells you that you've already cast your vote), you come in on election day and cast a paper ballot. Showing up in person on election day will automatically invalidate any online vote tied to your registration (it would happen when they verify your ID and check you off the list to prevent you from casting another vote).
If done right, this could be made even more secure than most bank web sites (my bank doesn't even offer client-side certificates for online access), and it would greatly increase voter turnout. Who wouldn't want to avoid taking time off from work, driving to the polls, and standing in line? It would also make the lines a lot shorter for those who prefer to come in person.