Consider setting up a secure video call with somebody, and each of you reading the hash of your DH parameter to the other. It's really hard for a MITM to fake that - but if you don't know what the other person looks or sounds like, do you know it's really them, or did you just have an unbreakably secure call with the wrong person?
Whatever you deploy to define "somebody" should be used as the authentication channel. You are exactly as secure as you can define "somebody". Your al-Qaeda coworker probably has your never-published public key. Your online-found busty and wet blonde is probably named Gordon.
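Added example, not part of the original message: a Python sketch of the read-aloud check discussed above, where each party reads the hash of their own DH public value and the listener compares it with the hash of the value received on the wire. The toy group (`P`, `G`), the function names and the fingerprint format are assumptions made for illustration. A passing check binds the key to the voice or face on the call, not to a named identity, which is the point the reply makes.

```python
import hashlib
import secrets

# Toy group, for illustration only (assumption): the Mersenne prime 2**127 - 1
# with generator 3. Real systems use a standardized 2048-bit+ group or X25519.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    """Short hash of a DH public value, grouped for reading aloud."""
    digest = hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]
    return " ".join(digest[i:i + 4] for i in range(0, 16, 4))

def shared_key(priv, peer_pub):
    """Session key derived from the DH shared secret."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def run_call(mitm):
    """Simulate one call; returns (alice_check, bob_check, keys_match)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if mitm:
        # The interceptor substitutes its own public value in both directions.
        _, m_pub = keypair()
        a_received, b_received = m_pub, m_pub
    else:
        a_received, b_received = b_pub, a_pub
    # Bob reads fingerprint(b_pub) aloud; Alice compares with what she received.
    alice_check = fingerprint(a_received) == fingerprint(b_pub)
    # Alice reads fingerprint(a_pub) aloud; Bob compares with what he received.
    bob_check = fingerprint(b_received) == fingerprint(a_pub)
    keys_match = shared_key(a_priv, a_received) == shared_key(b_priv, b_received)
    return alice_check, bob_check, keys_match

if __name__ == "__main__":
    for label, mitm in (("direct", False), ("intercepted", True)):
        a_ok, b_ok, same_key = run_call(mitm)
        print(f"{label}: alice_check={a_ok} bob_check={b_ok} same_key={same_key}")
```
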