Do we assume or not assume that the public keys were exchanged through a secure channel? The following sentence seems to imply the former.