You are not simply substituting the origin with a phish, you are reading/modifying traffic by a third party without any possible detection from the server.
There are three parties. You, me (the MitM) and your bank. (Assuming your bank uses self-signed, which it doesn't.) I've substituted my self-signed cert with the bank's in your TLS handshake. I then re-encrypt everything you send me to the bank. Bank can't distinguish you and me.
I think you're still misunderstanding MiTM attacks. There is no "third party". I'm not communicating with my intended recipient at all: I'm communicating with precisely one person, the phisher.
And this can only be "solved" with PKI if we have CAs who don't do the sort of thing outlined in this bug report. But we do.
The MitM is in the middle of something, no? You're "A", the site you intend to connect to is "Z", and the MitM is "M".
In this scenario, you're communicating with Z, while M listens in. Anything you send down the pipe can be transparently proxied by M and relayed to Z.
What mechanism can you use to verify the authenticity of the other end that can't be spoofed by M, now that they're inserted into the communication path?
You are not simply substituting the origin with a phish, you are reading/modifying traffic by a third party without any possible detection from the server.
There are three parties. You, me (the MitM) and your bank. (Assuming your bank uses self-signed, which it doesn't.) I've substituted my self-signed cert with the bank's in your TLS handshake. I then re-encrypt everything you send me to the bank. Bank can't distinguish you and me.
We solve this with PKI and trusts.