[zbyte64]

Which brings us back to trusting a 3rd party to not tamper with the key exchange...

[nailer]

Well yeah, that's why I addressed it in the post you're replying to. Offline key confirmation is still the best bet for most people, it's just that people don't use it because they don't use crypto because crypto tools are awful.