Just to add to that, doing it the PKI style is not the same as doing it out of band as you can send a signature as part of the noise handshake. It's just that Noise doesn't specify how to do it. But this is what I do for example in disco (www.discocrypto.com)