Yes, I suppose such an attack is either what easymovet was proposing or at least it's the only application.
In a powerful sense what you've got in this case is two secure key exchanges, Alice to Mallory and Mallory to Bob.
Why this distinction? This is what enables us to use digital signatures to solve the identity problem in modern protocols. You encrypt the channel first using this shared secret even though you've no idea who you're talking to, and only then you may bind proof of your identity to this encrypted channel and/or look for proof of the other participant's identity.
If Mallory sits between Alice and Bob, there's no use taking the binding of Bob's identity to the Mallory-Bob channel and showing it to Alice on the Alice-Mallory channel because it's clearly for the wrong encrypted channel and Alice will know she isn't really talking (directly) to Bob.
In a powerful sense what you've got in this case is two secure key exchanges, Alice to Mallory and Mallory to Bob.
Why this distinction? This is what enables us to use digital signatures to solve the identity problem in modern protocols. You encrypt the channel first using this shared secret even though you've no idea who you're talking to, and only then you may bind proof of your identity to this encrypted channel and/or look for proof of the other participant's identity.
If Mallory sits between Alice and Bob, there's no use taking the binding of Bob's identity to the Mallory-Bob channel and showing it to Alice on the Alice-Mallory channel because it's clearly for the wrong encrypted channel and Alice will know she isn't really talking (directly) to Bob.