NIST 800-63B 5.2.5 Verifier Impersonation Resistance
A verifier impersonation-resistant authentication protocol SHALL establish an
authenticated protected channel with the verifier.
It SHALL then strongly and irreversibly bind a channel identifier that was
negotiated in establishing the authenticated protected channel to the
(e.g., by signing the two values together using a private key controlled by the
claimant for which the public key is known to the verifier).