Key setup for secure channel
- exchange nonces
- Alice generates random key K for the secure channel
- Alice sends K encrypted by Bob’s public key
- Both Alice and Bob sign the transcript of the protocol.
  - binds instance of the protocol to the nonces
  - ensures that there is no man in the middle
Steps 2 and 3 are replaceable by Diffie-Hellman (it is recommended to hash the result of DH).
This is also a little bit better because it is forward secure.
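
The Diffie-Hellman variant with signed transcripts, as an added example that is not part of the original notes: the function reports whether both transcript signatures verify and whether both sides derived the same key, with and without a man in the middle replacing one DH value. X25519, Ed25519, SHA-256 and the names `party`, `sessionKey` and `handshake` are assumptions chosen for the illustration.

```go
package main
import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type party struct { // long-term signing key, fresh nonce and DH key per session
	sig   ed25519.PrivateKey
	nonce []byte
	dh    *ecdh.PrivateKey
}

func newParty() *party { // errors ignored: all inputs are freshly generated
	_, sk, _ := ed25519.GenerateKey(rand.Reader)
	dh, _ := ecdh.X25519().GenerateKey(rand.Reader)
	n := make([]byte, 32)
	rand.Read(n)
	return &party{sk, n, dh}
}

// sessionKey hashes the raw DH output, as the notes recommend.
func sessionKey(p *party, peer []byte) [32]byte {
	pub, _ := ecdh.X25519().NewPublicKey(peer)
	z, _ := p.dh.ECDH(pub)
	return sha256.Sum256(z)
}

// handshake: each side signs its own view of the transcript (all fields are 32 bytes).
func handshake(mitm bool) (sigsOK, sameKey bool) {
	a, b := newParty(), newParty()
	gA, gB := a.dh.PublicKey().Bytes(), b.dh.PublicKey().Bytes()
	gAatBob := gA
	if mitm { // attacker swaps Alice's DH value on its way to Bob
		gAatBob = newParty().dh.PublicKey().Bytes()
	}
	trA := bytes.Join([][]byte{a.nonce, b.nonce, gA, gB}, nil)      // what Alice saw
	trB := bytes.Join([][]byte{a.nonce, b.nonce, gAatBob, gB}, nil) // what Bob saw
	okAtBob := ed25519.Verify(a.sig.Public().(ed25519.PublicKey), trB, ed25519.Sign(a.sig, trA))
	okAtAlice := ed25519.Verify(b.sig.Public().(ed25519.PublicKey), trA, ed25519.Sign(b.sig, trB))
	return okAtBob && okAtAlice, sessionKey(a, gB) == sessionKey(b, gAatBob)
}

func main() {
	fmt.Println(handshake(false))
	fmt.Println(handshake(true))
}
```

Because the DH keys are generated per session and discarded afterwards, a later compromise of the signing keys does not reveal past session keys, which is the forward security the notes mention.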