I have another question about this protocol.
The way that I've described it here,
does it actually provide authentication?
The possible answers are no, neither party is authenticated to the other one;
yes, that it authenticates the client to the server but not the server to the client;
yes, it authenticates the server to the client but not the client to the server;
or yes, it authenticates both parties to each other.
