Here's an interesting solution. CMU just put out a tool called Perspectives that runs public notary servers. The servers probe sites periodically to build a history of the keys each site has presented. This can go a long way toward determining whether there is a man-in-the-middle sending you a fake SSL certificate, because the key in the forged certificate will not match the history the notaries have recorded.
http://www.cs.cmu.edu/~perspectives/
(hat-tip Lauren Weinstein)
http://lauren.vortex.com/archive/000414.html
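The comparison the notaries make possible, as an added illustration (this is not the Perspectives code, and the notary histories below are constructed sample data): each notary reports the keys it has seen for a host and when, and the client checks the certificate it was handed against that record. The quorum and minimum-duration thresholds are assumptions chosen for the example; a key that no notary has seen is flagged, and a key that every notary agrees on but has only seen for a few days is reported separately as a recent change rather than as a confirmed match.

```python
"""Notary-history consistency check in the style of Perspectives.

Added example, not the CMU implementation. Timestamps are plain day numbers
so the constructed sample data stays readable.
"""
from __future__ import annotations

import math
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Observation:
    key: str          # key fingerprint as the notary recorded it
    first_seen: int   # first day the notary saw this key for the host
    last_seen: int    # most recent day the notary saw this key


@dataclass(frozen=True)
class Verdict:
    status: str            # "CONSISTENT", "NEW_KEY" or "MISMATCH"
    agreeing: int          # notaries whose current key equals the presented key
    total: int             # notaries consulted
    quorum_duration: int   # days a quorum of notaries has continuously seen the key


# Constructed histories for two hosts, as four notaries might report them.
# KEY_A is a long-lived key; KEY_C is a legitimate rotation a few days old.
HOST_STABLE: Dict[str, List[Observation]] = {
    f"notary{i}": [Observation("KEY_A", 0, 100)] for i in range(1, 5)
}
HOST_ROTATED: Dict[str, List[Observation]] = {
    "notary1": [Observation("KEY_A", 0, 94), Observation("KEY_C", 95, 100)],
    "notary2": [Observation("KEY_A", 0, 94), Observation("KEY_C", 95, 100)],
    "notary3": [Observation("KEY_A", 0, 95), Observation("KEY_C", 96, 100)],
    "notary4": [Observation("KEY_A", 0, 100)],   # has not re-probed since rotation
}


def current_key_duration(history: List[Observation], key: str, now: int) -> Optional[int]:
    """Days this notary has continuously seen `key` as the host's current key.

    Returns None when the notary has no history or its latest key differs.
    Adjacent spans of the same key are merged so a re-probe gap of one day
    does not reset the clock.
    """
    if not history:
        return None
    spans = sorted(history, key=lambda o: o.first_seen)
    latest = max(spans, key=lambda o: o.last_seen)
    if latest.key != key:
        return None
    start = latest.first_seen
    for prev in reversed(spans[: spans.index(latest)]):
        if prev.key == key and prev.last_seen >= start - 1:
            start = prev.first_seen
        else:
            break
    return now - start


def check_key(notaries: Dict[str, List[Observation]], presented_key: str, now: int,
              quorum: float = 0.75, min_duration: int = 7) -> Verdict:
    """Compare the key a client was handed against the notaries' histories.

    `quorum` is the fraction of notaries that must currently see the same key;
    `min_duration` is how many days that quorum must have held for the key to
    count as established. Both thresholds are assumptions for this example.
    """
    durations = [current_key_duration(h, presented_key, now) for h in notaries.values()]
    agreeing = [d for d in durations if d is not None]
    total = len(durations)
    needed = math.ceil(quorum * total)
    if len(agreeing) < needed:
        # Too few notaries see this key: a forged certificate, or a split view.
        return Verdict("MISMATCH", len(agreeing), total, 0)
    # The quorum has held continuously for as long as the needed-th best notary.
    quorum_duration = sorted(agreeing, reverse=True)[needed - 1]
    if quorum_duration < min_duration:
        return Verdict("NEW_KEY", len(agreeing), total, quorum_duration)
    return Verdict("CONSISTENT", len(agreeing), total, quorum_duration)


if __name__ == "__main__":
    print(check_key(HOST_STABLE, "KEY_A", now=100))    # established key
    print(check_key(HOST_STABLE, "KEY_X", now=100))    # key nobody has seen
    print(check_key(HOST_ROTATED, "KEY_C", now=100))   # recent rotation
```

The quorum-duration step is what separates a real rotation from an attack that has only just started: a key that three of four notaries have seen for four days is reported as new, not as confirmed, and a key none of them has seen is reported as a mismatch even if the certificate chain itself validates. A notary that has not re-probed recently (notary4 above) simply does not vote for the new key, which is why the quorum is a fraction rather than unanimity.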