You verify identity over the now-encrypted channel, just like SSL should have done 30 years ago but refused to for doctrinal reasons. And in the (frequent) cases where you don't actually care about the other party's identity you just don't verify it at all.