No middle road to stop the man in the middle
What the Internet really needs is widely supported digital signature standards. Most content is not private - you just don't want anyone altering the content during transport. A really, really simple way to do this for HTTP 1.1 content would be to add a digest field to chunked encoding headers. You'd get backwards compatibility, streaming support, and an insignificant protocol overhead.