Attached is one of three user safety proposals I'm trying to write.
This one in particular deals with self-signed and similar certificate errors, and basically double-checks the cert over a new circuit. If they match, the user can bypass the certificate error page. If they don't, they can't bypass it.
-tom