We consider communication sessions in which a pair of parties begin by running an au-thenticated key-exchange protocol to obtain a shared session key, and then secure successivedata transmissions between them via an authenticated encryption scheme based on the sessionkey. We show that such a communication session meets the notion of a secure channel protocolproposed by Canetti a...