I don't see how it's possible; you must make the file available publicly (obviously encrypted) or make a direct connection between Bob and Alice.
OP mentioned a problem regarding the direct connection:
But all the current methods, for the 99.99% of cases where neither party has access to an external IP or a NAT routable address, etc., use a centralised intermediary.
And in this case, a central server is one of the best solutions IMO.
Especially if the server (obviously with its own publicly routable IPv4 address) is hosted by Alice or Bob themselves.
Without a publicly routable address, no direct connections can be established. You also can't get incoming connections on your bitcoin node without a publicly routable address.
But even if customers of major ISPs are sitting behind a NAT (mostly because all of them are short on IPv4 addresses), most of them do assign you a /64 network of IPv6 addresses.
And with IPv6 (given that both Alice and Bob are sitting behind a NAT and have an IPv6 address), a direct connection is possible again.
In this case, a middleman (it doesn't matter whether a centralized server or just a 3rd person used for routing) is not necessary.