Says the guy who did not even know that all these reverse proxies like Cloudflare does TLS termination on the edge.

You’re glossing over that these third parties C are contracted trusted parties of entity B and thus for B’s purposes are considered part of B.

HTTPS and transport security isn’t a broken idea.

Standardized content security has been tried in many contexts and has typically been even less secure unless it’s for long lived opaque media, like S/MIME for emails. Structured data like XML security has been abysmal.