> You continue to be dense. Do you really think people in corporate admin have no access to confidential data? Do you really expect them to work without Internet access? When a lot of them are supposed to interact with the external environment? (and that's just one example)
From a security standpoint, if your data is really sensitive, you put it on a computer without internet access, on a very isolated, preferably physically isolated, network. If you need internet access to work, you do that from another computer on the side.
If your data is mildly sensitive, you can have "logical" "firewall" protections around it. But if you get cracked (and those guys get cracked all the time...) you can only look sad.
> After the https handshake there is no obligation to use http at all inside the tunnel
After the http header there is no obligation, either.
In any case, the Internet routes around the damage, and this means that MITM can be easily detected via client certificates: before logon, the server issues a challenge; the proxy cannot sign the challenge with a valid client certificate; access denied. If MITMing https proxies start becoming the norm, they will be routed around.
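The challenge-response the comment above describes, as an added worked example (this is not the commenter's code, nor a library's API): the server enrolls a CA, the real client holds a certificate issued by that CA plus its private key, and logon means signing a fresh server nonce. A MITM proxy that only sees the client's certificate on the wire cannot produce that signature, and a certificate it mints itself does not chain to the CA. The names ("Corp Client CA", "alice", "mitm-proxy"), the use of ECDSA P-256 and a bare 32-byte nonce are assumptions made for the illustration; real TLS client auth signs a transcript hash in the CertificateVerify message rather than a standalone nonce, but the trust logic is the same.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity is a certificate together with the private key it belongs to.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue creates a P-256 certificate for cn. With issuer == nil the cert is
// self-signed: used here for the corporate CA and for the rogue proxy's own cert.
func issue(cn string, isCA bool, issuer *Identity) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, big.NewInt(1<<62))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn}, // hypothetical names
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	parent, signer := tmpl, key // self-signed unless an issuer is given
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Cert: cert, Key: key}, nil
}

// NewChallenge is the server side: a fresh random nonce per logon attempt,
// so a captured signature cannot be replayed.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// Sign is what the party holding a private key does with the challenge.
func Sign(id *Identity, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, id.Key, digest[:])
}

// Verify is the server-side check: the presented certificate must chain to the
// corporate CA, and the signature must verify under that certificate's key.
func Verify(roots *x509.CertPool, presented *x509.Certificate, nonce, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := presented.Verify(opts); err != nil {
		return fmt.Errorf("certificate not issued by our CA: %w", err)
	}
	pub, ok := presented.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected public key type")
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("challenge signature does not verify under presented certificate")
	}
	return nil
}

// Results of the three logon attempts; nil means the server accepted the logon.
type Results struct {
	Genuine        error // real client signs with its own key
	ProxyRelayCert error // MITM relays the client's cert but signs with the proxy key
	ProxyOwnCert   error // MITM presents a cert it minted for itself
}

// RunScenario builds the CA, one enrolled client and one rogue proxy, then
// plays the three attempts against the server-side check.
func RunScenario() (Results, error) {
	var r Results
	ca, err := issue("Corp Client CA", true, nil)
	if err != nil {
		return r, err
	}
	client, err := issue("alice", false, ca)
	if err != nil {
		return r, err
	}
	proxy, err := issue("mitm-proxy", false, nil) // self-signed: never enrolled with the CA
	if err != nil {
		return r, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)

	for i, attempt := range []struct {
		signer *Identity
		cert   *x509.Certificate
	}{{client, client.Cert}, {proxy, client.Cert}, {proxy, proxy.Cert}} {
		nonce, err := NewChallenge()
		if err != nil {
			return r, err
		}
		sig, err := Sign(attempt.signer, nonce)
		if err != nil {
			return r, err
		}
		res := Verify(roots, attempt.cert, nonce, sig)
		switch i {
		case 0:
			r.Genuine = res
		case 1:
			r.ProxyRelayCert = res
		case 2:
			r.ProxyOwnCert = res
		}
	}
	return r, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine client:     ", r.Genuine)
	fmt.Println("proxy relaying cert:", r.ProxyRelayCert)
	fmt.Println("proxy with own cert:", r.ProxyOwnCert)
}
```

The only thing that makes the two proxy attempts fail is that the proxy does not hold alice's private key and cannot get the corporate CA to issue it one. On a managed endpoint where the client key is exportable, or where the proxy operator can enroll certificates with the same CA, the same check passes for the proxy, so the detection is only as strong as the key and CA protection behind it.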