Using HTTPS is not the solution when the only thing people see is that some trusted certificate was used. If a trusted Certificate Authority was compromised or issued `fake' certificates for government spy agencies, the target wouldn't know that a MITM attack has occurred because the little green icon is showing just fine.
However, if we had something like a GPG content encoding, if the site hasn't already been trusted by the user, red flags will immediately be showing.
Like as like not, with the proliferation of CAs which exist, MITM attacks are easier than ever because people have been conditioned to trust HTTPS.