The point is to remain user-friendly while hiding the actual webservers, databases, and anything else that LE might want to take. An onion-routing proxy is easily set up and torn down and moved around quickly, making it a harder target for persistent surveillance.
How are .onion service providers supposed to communicate out to their users whether or not their site uses a certificate?
And, presuming they are able to do this, why not just use that communication channel to communicate the correct .onion URL to the user in the first place (thus removing the need for a certificate authority)?
EDIT: Perhaps it would make sense to create a separate URL type for Tor services whose keys are signed by a certificate authority? So the URL would become e.g. secure.smspriv6fynj23u6.onion, and the Tor browser would reject sites prefixed with “secure.” that don’t have their key signed by a certificate authority. This way, an attacker must register with a certificate authority in order to phish a “secure.” Tor site.
> Perhaps it would make sense to create a separate URL type for Tor services whose keys are signed by a certificate authority?
The onion IS a proof of key. If you use the whole onion address (which is a hash of the public key) then Tor requires that the hidden service be able to prove they own the private key. It's like a built-in CA.
The problem to me is that knowing someone has a key isn't as interesting as knowing that the person is a trusted source. And being anonymous takes some of the responsibility away.
It makes more sense to me that someone just use an HTTPS clearnet site and users who want to protect their own IP address can access it from Tor (it works just fine).
Protecting the site owner's identity and then wanting to prove their identity to stop phishing attempts seems at odds to me.
Couldn't Tor users still visit your "clearnet" domain privately (it is just an onion-routing proxy, after all)?
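
The key-to-address binding described in the reply above ("the onion IS a proof of key"), as an added example that is not part of the thread: for 16-character addresses like the one quoted here, the label is the base32 encoding of the first 80 bits of the SHA-1 hash of the service's DER-encoded RSA public key. The key bytes are constructed stand-ins and the function names are hypothetical.

```python
import base64
import hashlib
import re

# 16 base32 characters = 80 bits, the address length seen in the thread.
_LABEL = re.compile(r"^[a-z2-7]{16}$")

# Constructed stand-ins for DER-encoded RSA public keys (not real keys).
SERVICE_KEY = b"constructed-der-public-key-of-the-real-service"
IMPOSTOR_KEY = b"constructed-der-public-key-of-an-impostor"


def onion_label(pubkey_der: bytes) -> str:
    """Return base32(first 10 bytes of SHA-1(key)), lower-cased."""
    digest = hashlib.sha1(pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def label_from_host(host: str) -> str:
    """Extract the label left of '.onion', ignoring prefixes such as 'secure.'."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 2 or parts[-1] != "onion" or not _LABEL.match(parts[-2]):
        raise ValueError(f"not a 16-character onion hostname: {host!r}")
    return parts[-2]


def key_matches_host(host: str, pubkey_der: bytes) -> bool:
    """True only if the presented key hashes to the address the user asked for."""
    return label_from_host(host) == onion_label(pubkey_der)


if __name__ == "__main__":
    real_host = onion_label(SERVICE_KEY) + ".onion"
    fake_host = onion_label(IMPOSTOR_KEY) + ".onion"
    # The real key matches its own address; another key cannot claim it.
    print(real_host, key_matches_host(real_host, SERVICE_KEY))
    print(real_host, key_matches_host(real_host, IMPOSTOR_KEY))
    # A different key still gets its own, equally valid address: the binding
    # proves key ownership, not who operates the service.
    print(fake_host, key_matches_host(fake_host, IMPOSTOR_KEY))
```

The last line of output is the gap the thread is arguing about: a look-alike address passes the same check with its own key, so the user still needs a trusted way to learn the correct address.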