A web-socket based protocol that opens up a new SSL session with non-MITM'd certificates.
So you'd open up the snoop-me HTTPS/1.1 connection, do some GETs, then say "GET /busy, yo", and start what looks like a video-chat conversation that is in fact a regular SSL connection with uncompromised certs.
(some protocol) over SSL over Web-Socket over bad-SSL over TCP/IP
Ultimately, though it will be very hard to accept, crypto may be on the way out as a technology with any political impact. Governments currently accept the rapid increase in SSL because none of the politicians or regulators understand that it's possible to disable it at a country level, and nobody with any technical clue has been willing to point it out to them. But that situation isn't sustainable, as the Kazakh example shows. A sufficiently determined government won't care about minor details like user convenience. They'll just say "you either install our root cert, or you don't get to use the internet" and that's it. Game over. If even just one western country does it, the rest will all follow within a few years.