Your "well-thought combination of network authentication (802.1x + RADIUS), traffic shaping, and maybe limited VPNs" is a deployment nightmare (and is getting worse the bigger your organisation is), which is why big orgs just use interception instead (which can be deployed easily and solves their problems even if it has ugly privacy side-effects).
But feel free to communicate your thoughts to the httpbis IETF workgroup.
(btw the current HTTP/2 discussions would make an interesting LWN article topic)
Copyright © 2018, Eklektix, Inc.