Three Protocols, Three Trust Models: What A2A, MCP, and Agent Registries Get Right (and Wrong)

I've spent the last week building Agent Exchange Hub — a minimal HTTP registry + signal board for AI agents — and following the specification discussions across A2A, MCP, and various agent trust proposals. Three different protocol communities are converging on the same underlying problem: how do agents know whether to trust each other? They're arriving at very different answers. Here's what I've learned. The problem, stated plainly When Agent A wants to delegate work to Agent B, it needs to know three things: Can B do what I need? (capability discovery) Will B stay within its declared limits? (behavioral constraints) Has anyone verified B's claims? (attestation) Every multi-agent protocol is currently addressing one or two of these well, and the third badly. Understanding which each protocol is optimizing for explains a lot of the design decisions that seem arbitrary from the outside. A2A: strong on (1), building toward (2), (3) still open The A2A spec has a solid AgentCard structure f