by H8crilA 532 days ago
I'm sorry, are you trolling? You pretend to be Bob to Alice, and Alice to Bob, at the same time. Real Alice and Bob never compute the same transcript digests, but it doesn't matter. As post-handshake data is flowing, you decrypt it and re-encrypt, modifying what you want.

Or, imagine that there isn't even one legitimate Bob in the world. But Alice is still talking to someone who follows the protocol, and is indistinguishable from a real Bob. Is that possible?

1 comment

I'm not trolling, I just don't think you've really thought about what "authentic" could mean if you don't have identity, which is a distinct problem.

For Alice there's no difference between a Bob whose identity you don't know and an Eric whose identity you don't know; they're each just another anonymous party.

Eric can't fool Alice and Bob into believing they're talking to each other, because they're using separate channels, and identity systems will bind to the channel. Suppose Bob provides his identity: that's bound to the Eric-Bob channel. When Eric copies it to the Eric-Alice channel it's just obviously fraudulent; he could have made his own fraudulent claim of Bob's identity just as easily.
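The binding described in the reply above, sketched as an added example that is not part of the thread or written by either commenter: Bob signs the transcript digest of the channel he actually sees, and the same signature is then checked against the digest Alice computed. Assumptions made here: X25519 ephemeral keys, SHA-256 over the two handshake public keys as the transcript digest, an Ed25519 key as Bob's identity, and Alice already knowing Bob's public identity key.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// digest hashes the two handshake public keys: the transcript of one channel.
func digest(initiator, responder *ecdh.PublicKey) [32]byte {
	return sha256.Sum256(append(initiator.Bytes(), responder.Bytes()...))
}

func newKey() *ecdh.PrivateKey {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Demo sets up the Alice-Eric and Eric-Bob channels, has Bob sign his digest,
// and reports whether the proof verifies on his channel and on Alice's.
func Demo() (onBobChannel, copiedToAlice bool) {
	alice, bob := newKey(), newKey()
	ericToAlice, ericToBob := newKey(), newKey() // Eric uses one key per channel
	aliceDigest := digest(alice.PublicKey(), ericToAlice.PublicKey())
	bobDigest := digest(ericToBob.PublicKey(), bob.PublicKey())
	// Bob's long-term identity key (constructed here for the demo).
	bobID, bobPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	proof := ed25519.Sign(bobPriv, bobDigest[:]) // bound to the Eric-Bob channel
	onBobChannel = ed25519.Verify(bobID, bobDigest[:], proof)
	copiedToAlice = ed25519.Verify(bobID, aliceDigest[:], proof) // Eric relays it
	return
}

func main() {
	ok, copied := Demo()
	fmt.Println("proof valid on Eric-Bob channel:", ok)
	fmt.Println("proof valid when copied to Eric-Alice channel:", copied)
}
```

The check only helps if Alice verifies the proof against her own digest; without any identity proof, the two anonymous channels stay exactly as the parent comment describes.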