I see it useful as part a layered strategy: X.509 certificates establish the authenticity of the server for that domain, while the SRP/PAKE would establish the authenticity of the legal entity you're actually trying to reach. In the case of a homoglyph-assisted phisher, this would prevent them from obtaining the real password or any credential that would be useful to attack the real target, and also warn the user not to trust them period. However, the current layering of HTTPS doesn't make it possible to enforce the use of secure password exchange, and so I think passkeys are a better solution, because they allow us to remove the password modality entirely.

I'm not entirely sure about how effective passkeys would be against homoglyph-assisted MITM though. Assuming you've visited the legitimate domain before and established your passkey at that time, your passkey wouldn't be selected by the browser for the fake domain. But if you started with the fake domain, and logged in through it using a non-passkey method (including first sign up or lost-credential recovery), then I would think the attacker could just enroll his own passkey on your behalf. Now, if we layered passkeys on top of mTLS, then we could almost entirely eliminate the MITM risk!

As you note, we already have a system that uses more appropriate cryptography (than a PAKE) to solve this: FIDO.

You've lost me at mTLS here. At some point it starts to feel like we're advocating for security protocols just so we can fit them all in somewhere.