Authenticated Diffie Hellman Key Exchange

Authenticated Diffie Hellman Key Exchange

It appears that the textbook version of Diffie-Hellman is susceptible to man in the middle attack and the use of digital signatures could prevent this attack from occurring.

Digital signatures could be implemented during the Diffie-Hellman key exchange in the following way

1. Alice has a pair of public/private key (SKa,PKa).
2. Bob has a pair of public/private key(SKb,PKb).
3. Alice generates her secret key Ka uses her private key SKa to sign (g^Ka) to produce Signature s(m)
4. Alice uses Bob public key PKb to encrypt her secret key Ka.
5. Alice sends over encrypted Ka and s(m) over to Bob
6. Bob will use his private key SKb to decrypt encrypted Ka to get C and use Alice public key PKa on s(m) to get D
7. Bob authenticates by ensuring that the C == D

I have three questions with regard to this

1. Is this how authenticated diffie-hellman key exchange using digital signatures is normally done? If not, how is it normally done?
2. Why do we bother with this form of key exchange where the sender and receiver must send their keys to each other before using the combined key when we can just encrypt the key using the senders private key followed by the receiver public key and send it to the other party?
3. Are there any flaws with my implementation of authenticated Diffie-Hellman key exchange?