The problem with this method is that it requires a side channel. This is the real beauty of public key cryptography: you can negotiate a secure channel over an open channel. (*Authentication sold separately)
I don't get why this argument is used so often as if it was valid. Setting up a banking account and many other things require a secure side channel anyway - physical presence :)
This is the real beauty of public key cryptography: you can negotiate a secure channel over an open channel.
You still need sufficient shared information as a starting point to authenticate the other party, so that doesn't really avoid the need for a secure side channel. In practice we often trust that the baseline of certificates that come with a new device or built into a browser are sufficient for this purpose, but there is still an attack surface there and our existing CA infrastructure and processes are not perfect.
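The point the last reply makes, as an added toy example that is not from any of the commenters: an unauthenticated Diffie-Hellman handshake over an open channel lets a party in the middle end up sharing a key with each side, and neither side can tell; only when Alice already holds Bob's long-term public key from a side channel (the "sufficient shared information" above) does the substituted share get rejected. The group, the Schnorr-style signature and all names are constructed here for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group: 127-bit Mersenne prime, generator 2.
# Constructed for this demonstration only; far too small for real use.
P = 2**127 - 1
G = 2

def h(*parts: int) -> int:
    """SHA-256 over fixed-width encodings of the given group elements."""
    data = b"".join(x.to_bytes(16, "big") for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def sign(x: int, msg: int):
    """Schnorr-style signature under long-term secret x (toy, not constant-time)."""
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    s = (k + h(r, msg) * x) % (P - 1)
    return r, s

def verify(y: int, msg: int, sig) -> bool:
    r, s = sig
    return pow(G, s, P) == (r * pow(y, h(r, msg), P)) % P

def handshake(anchor: bool, mitm: bool) -> str:
    """One DH handshake between Alice and Bob over an open channel.
    anchor: Alice already holds Bob's long-term public key (obtained out of band).
    mitm:   Mallory replaces both DH shares in transit.
    Returns 'shared' (both derived the same key), 'diverged' (Alice and Bob
    silently hold different keys, each really shared with Mallory) or 'rejected'."""
    xb, yb = keygen()                 # Bob's long-term signing key pair
    a, A = keygen()                   # Alice's ephemeral share
    b, B = keygen()                   # Bob's ephemeral share
    sig = sign(xb, B) if anchor else None
    if mitm:
        xm, M = keygen()              # Mallory substitutes her own share
        A, B = M, M                   # what Bob and Alice actually receive
        if anchor:                    # she cannot sign as Bob, only as herself
            sig = sign(xm, M)
    if anchor and not verify(yb, B, sig):
        return "rejected"
    k_alice = pow(B, a, P)
    k_bob = pow(A, b, P)
    return "shared" if k_alice == k_bob else "diverged"
```

Without the anchor the two ends simply end up with different keys and no error; the anchor turns the substitution into a detectable failure, which is exactly the trust that a pre-installed certificate bundle is asked to provide.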