May I suggest that httpe:// would be an appropriate scheme for encrypted but not authenticated traffic? This would solve a number of use cases. I get very tired of clicking allow on self-signed certificates for internal sites, but I'm too lazy (and overworked) to set up my own CA and import the CA into every browser on every computer I use. Browsers could take it as a given that httpe:// traffic would be allowed for any certificate, since the principal purpose would be to ensure encryption, rather than to ensure authentication. Sites where authentication of the server is critical would continue to use the https:// URI scheme.