Not verifying Alice's ephemeral public keys is intentional? (Interactive DAKE)
Created by: cobratbq
Upon receiving an Identity message, we verify the public keys provided by Bob (point Y and public key B). However, upon receiving an Auth-R message, we immediately continue using the public keys provided to us in the Auth-R message. (See section "To verify an Auth-R message".)
Is this intentional? If so, why is this not needed? The applications seem rather symmetric, so I don't see why one would be more trustworthy than the other.