"Corporate MITM" is built into the very idea of PKI. Running your own custom PKI is a completely valid way to operate a network. This is a feature because it allows anyone to establish their own trust tree, completely outside of the public certificate trust network.

"Regimes" sounds pejorative but in truth, companies have a duty and in many cases a legal obligation to protect their networks. Prima facie, I don't see any reason at all why interception of traffic in this circumstance is "bad," except maybe a potential for political misuse like any other written medium.

I actually think the reverse would be substantially worse: if _only_ the public trust chain was valid in major browsers, we would be completely hosed and there would be no distinguishing factor at all between remote attestation and trust.

Thus, corporate TLS interception is, at worst, a necessary byproduct of a very well chosen tradeoff.

And as a personal user, I also should have the right to intercept the traffic on my network.

I have a minor quibble with "my network". You should have the right to intercept the traffic originating or terminating at your devices, but not to intercept any traffic going between other people's devices just because it's on your network.

Then it wouldn't be my network anymore.

Should your ISP be able to MITM all of your traffic just because it's going over their network? If not, then what's the difference?

That's what I'm standing up for in this comment, but you've characterized it as opposition. I don't understand, perhaps you'd like to clarify.

I'm not opposing, just adding more context.