(Of course, for SSL the alternative is to either use self-signed keys, meaning "terrify and irritate users with a repeating security alert", or increase the price of your product by $400 per unit in order to pay the Verisign Tax.)
That's where the LittleBlackBox project comes in. [...] She can feed it a network capture file of Alice and Bob's router traffic and it will find the public certificate exchange and automatically look up the corresponding private key for her. She can give it the host name or IP address of Alice and Bob's router, and it will retrieve the public certificate from the router and look up the corresponding private key for her. She can... well, you get the picture.
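The same certificate-to-key lookup can be turned around as an audit: the sketch below (an added example, not code from LittleBlackBox or from the original post) fingerprints the certificates presented by devices you administer and flags any that appear in a list of certificates known to ship inside firmware. The `KNOWN_EMBEDDED` inventory, its SHA-256 keying, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)

def normalize(fp):
    """Accept 'AA:BB:...' or 'aabb...' fingerprint spellings."""
    return fp.replace(":", "").replace(" ", "").strip().lower()

def fingerprint(pem_cert):
    """SHA-256 of the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest()

def audit_pem(pem_text, known_embedded):
    """Return [(fingerprint, firmware label)] for every certificate in
    pem_text that also appears in the known firmware-embedded list."""
    known = {normalize(k): v for k, v in known_embedded.items()}
    hits = []
    for block in PEM_BLOCK.findall(pem_text):
        fp = fingerprint(block)
        if fp in known:
            hits.append((fp, known[fp]))
    return hits

def audit_host(host, port, known_embedded):
    """Fetch the certificate a device you administer presents, then audit it."""
    return audit_pem(ssl.get_server_certificate((host, port)), known_embedded)

# Constructed stand-ins for DER certificates (not real certificates);
# hashing works the same on real DER bytes.
SAMPLE_SHARED = b"constructed DER bytes: certificate baked into a firmware image"
SAMPLE_UNIQUE = b"constructed DER bytes: certificate generated on first boot"

# Hypothetical inventory: fingerprint -> firmware that ships this certificate.
KNOWN_EMBEDDED = {
    ":".join(f"{b:02X}" for b in hashlib.sha256(SAMPLE_SHARED).digest()):
        "example-router fw 1.0 (constructed)",
}

SAMPLE_BUNDLE = (ssl.DER_cert_to_PEM_cert(SAMPLE_SHARED)
                 + ssl.DER_cert_to_PEM_cert(SAMPLE_UNIQUE))

if __name__ == "__main__":
    for fp, label in audit_pem(SAMPLE_BUNDLE, KNOWN_EMBEDDED):
        print(f"REPLACE KEY: {fp} ships in {label}")
```

A hit means the device's private key is shared with every other unit running that firmware, so the remedy is to generate a fresh key pair on the device.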