The problem is at two points:
1) We cannot (easily) install SSL certificates on the server as most sites are hosted, and this 'feature' costs $$$$
2) Webbrowsers actively discourage the use of non-signed certificates by showing flashy warning banners
The solution is to turn the current encryption / certification system upside down.
Instead of the web server providing the initial security , it should be the user requesting this.
1) A firefox / chrome plugin that generates an private/public key and advertises this through a HTTP header and provides encrypt/decryption of all information received.
2) A Apache/IIS module or even simple PHP library of that recognizes the HTTP header and completes the handshake.
A small PHP library would allow for very quick installation on Bulletin Boards, Wordpress etc.
The key is easy deployment.
This would provide security initially for a small group who cares -- and maybe an RFC standard later on.