I've started yet another project to solve "the right key" problem.

DetecTor is an open source project to implement client side SSL/TLS MITM detection, compromised CA detection and server impersonation detection, by making use of the Tor network.

In short, make use of the existing Tor network, perform multiple
connections to the destination server through multiple routes, check for consistency in the use of certificates, and either fail or proceed automatically, without user interaction.

The detailed description of the idea, including suggestions for the handling of edge cases, can be found at http://detector.io/

Looking forward to your feedback.