I think it would be possible to include additional data in the E2E handshake that would allow a third party to extract the session key.