> For its part, Tor expresses little sympathy for organizations using DPI to
> intercept users' connections
Given there is no way in the protocols to add gateway login capabilities for https connections, of course most corporate setups are doing DPI (and hotels and conferences do captive portals). That's the only way browser and protocol writers left to organisations which have untrusted guests on their networks, and need to check those guests are actually authorized guests.
And of course one you start doing dpi because that's the only safe way to ask 'do I know you' to web clients on your network, it can be abused in all sorts of interesting ways (in the Chinese sense).