I'd argue that in order to trust what's in your address bar, you have to have "verification": if you're not sure who's on the other end, you can't trust the address bar. Whether that knowledge comes from a PKI system like browsers use now or an SSH-style system is a separate issue.