The "middlebox problem" being discussed isn't the ability to install CAs on clients - the problem is that middleboxes don't implement the spec properly and prevent upgrading the protocol in the obvious way.
I'm not a big fan of transparent proxies, but in the case of employers there's at least a reasonable argument that the "computers are not the user's, they are the company's". There is NO good argument for middleboxes that don't implement the specification correctly and thus make it very hard to upgrade protocols.
TLS 1.3 doesn't eradicate RSA it just says you mustn't use it for key agreement. I'm guessing you knew that but just to be clear for anyone else reading. If your focus is getting rid of RSA entirely actually TLS 1.3 may even allow it to stick around a bit longer by reducing how nervous we are about it. If you care primarily about Forward Secrecy then sure, problem fixed.
'tptacek meant "RSA ciphersuites", not "RSA trapdoor function". The cipher suites that begin with TLS_RSA_* and used RSA encryption to pass key material from client to server, encrypted with the server's long term key (the key from the certificate).
I'm not a big fan of transparent proxies, but in the case of employers there's at least a reasonable argument that the "computers are not the user's, they are the company's". There is NO good argument for middleboxes that don't implement the specification correctly and thus make it very hard to upgrade protocols.