Brad Ideas: Crazy ideas, inventions, essays and links from Brad Templeton
Not MITM
The first attacks you describe are not MITM attacks. DNS (and registrar) attacks could be classed as a special type of MITM. They aren’t in the middle of your communications with the other host, but they are compromising your database fetch of the mapping from name to address.
Anyway, again, of course it would be good to get more verification, and indeed it is good to know you are talking to the same site.
For logon, however, what really makes the most sense would be not the signature of the site but the signature of the user. If the host provides a challenge in a login screen and the user signs the challenge, and at one point a public key was associated with the userid, then there is no password to fake out. And it offers you the option of keeping your private key in a personal device like your cell phone, so you can respond to login challenges even while on a compromised internet cafe terminal with a trojan.
That’s not complete immunity as in the trojan could then hijack your session if it recognizes where you’re logging in to, but it’s a lot better. (My broker has the added security that they re-demand authentication when doing a transfer of a large sum of money. So I would be fairly secure there.)
Authenticating the site and then using a plain text password typed in is a poor way of attaining the real goal of authenticating the user. Doing both is best, of course.
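
The challenge-and-signature login described in the comment above, as an added example that is not part of the original comment or the blog. The function names, the site name `broker.example`, the 60-second challenge lifetime, the choice of Ed25519 and the inclusion of the site name in the signed message are all assumptions made for this example.

```javascript
// Added example: host issues a challenge, user signs it, host verifies. Names are hypothetical.
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000;   // assumed lifetime of a login challenge
const registeredKeys = new Map();  // userid -> public key enrolled earlier
const pending = new Map();         // userid -> { nonce, expires }

// Enrollment: the one-time association of a public key with the userid.
function enroll(userid, publicKey) { registeredKeys.set(userid, publicKey); }

// Host side: put a fresh random challenge on the login screen.
function issueChallenge(userid, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(userid, { nonce, expires: now + CHALLENGE_TTL_MS });
  return nonce;
}

// Signed bytes cover site, userid and nonce, so a signature is useless elsewhere.
function signedMessage(site, userid, nonce) {
  return Buffer.from(JSON.stringify({ site, userid, nonce }));
}

// User side (for example the phone holding the private key): sign the challenge.
function respond(privateKey, site, userid, nonce) {
  return crypto.sign(null, signedMessage(site, userid, nonce), privateKey);
}

// Host side: a challenge is consumed on first use, whether it passes or fails.
function verifyLogin(site, userid, signature, now = Date.now()) {
  const entry = pending.get(userid);
  pending.delete(userid);
  const publicKey = registeredKeys.get(userid);
  if (!entry || !publicKey || now > entry.expires) return false;
  return crypto.verify(null, signedMessage(site, userid, entry.nonce), publicKey, signature);
}

// Constructed demo data: one user with a freshly generated Ed25519 key pair.
const SITE = 'broker.example';
const alice = crypto.generateKeyPairSync('ed25519');
enroll('alice', alice.publicKey);
function demo() {
  const nonce = issueChallenge('alice');
  const sig = respond(alice.privateKey, SITE, 'alice', nonce);
  const first = verifyLogin(SITE, 'alice', sig);   // valid response
  const replay = verifyLogin(SITE, 'alice', sig);  // captured signature sent again
  issueChallenge('alice');
  const stale = verifyLogin(SITE, 'alice', sig);   // old signature against a new nonce
  return { first, replay, stale };
}
```

Nothing typed on the terminal is reusable: a captured signature fails on replay and against any later challenge. The session-hijack risk the comment mentions is outside what this check covers.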