The client does not expose key verification to the user, so every Tutanota user must trust Tutanota not to serve forged keys and mount a man-in-the-middle (MITM) attack. This defeats the whole security model of Tutanota and renders its end-to-end encryption useless. To solve this problem, users must keep a local copy of a verified-keys database, maintain that database, and verify public keys through a side channel such as a physical meeting or several other platforms. The current Tutanota solution provides no security beyond Gmail, because you still trust Tutanota not to spy on its users by performing an MITM attack.
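As an added illustration (not code from the Tutanota client or from the author of this report), a minimal pinned-key store of the kind the paragraph calls for: it records each contact's public-key fingerprint on first sight, lets the user mark it verified after comparing the fingerprint out of band, and flags any later key change, which is the event a client must surface for key substitution by the server to be detectable. Contact names and key bytes are constructed sample values.

```python
import hashlib
import json
from pathlib import Path


class VerifiedKeyStore:
    """Local pinned-key database: trust on first use, then out-of-band verification.

    Assumption (illustrative): the server hands us a contact's public key as raw
    bytes; we pin its SHA-256 fingerprint locally instead of trusting the server alone.
    With path=None the store is kept in memory only.
    """

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.entries = {}
        if self.path and self.path.exists():
            self.entries = json.loads(self.path.read_text())

    @staticmethod
    def fingerprint(pubkey: bytes) -> str:
        return hashlib.sha256(pubkey).hexdigest()

    def check(self, contact: str, pubkey: bytes) -> str:
        """Classify the key the server served: 'new', 'match', 'verified' or 'MISMATCH'."""
        fp = self.fingerprint(pubkey)
        entry = self.entries.get(contact)
        if entry is None:  # first sight: pin it, but it is not yet verified
            self.entries[contact] = {"fingerprint": fp, "verified": False}
            self._save()
            return "new"
        if entry["fingerprint"] != fp:  # key changed: possible forged key, must be surfaced
            return "MISMATCH"
        return "verified" if entry["verified"] else "match"

    def mark_verified(self, contact: str, side_channel_fingerprint: str) -> bool:
        """Mark a pin verified only if it equals the fingerprint obtained out of band."""
        entry = self.entries.get(contact)
        if entry is None or entry["fingerprint"] != side_channel_fingerprint:
            return False
        entry["verified"] = True
        self._save()
        return True

    def _save(self):
        if self.path:
            self.path.write_text(json.dumps(self.entries, indent=2))


if __name__ == "__main__":
    store = VerifiedKeyStore()
    key_v1 = b"constructed sample public key for alice, version 1"
    key_v2 = b"constructed sample public key for alice, version 2"
    print(store.check("alice@example.com", key_v1))  # new
    print(store.mark_verified("alice@example.com", VerifiedKeyStore.fingerprint(key_v1)))
    print(store.check("alice@example.com", key_v2))  # MISMATCH
```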