[Cryptography] So please tell me. Why is my solution wrong?

[Salz, Rich]

Your proposal does not seem useful to me. Phishing, as I understand it, is when you convince the victim to click on a bogus site.

But I can register fidelity.biz, and get a domain-validated certificate for that domain.  How will your system prevent Joe from being phished to try to login, give their name and password to my site, when they really should have gone to fidelity.com?