Use Noise Protocol for synchronous peer-to-peer agent sessions, Signal Protocol (X3DH + Double Ratchet) for asynchronous messaging where agents may be offline, and MLS (RFC 9750) for encrypted group communication across agent fleets. TLS 1.3 remains the right choice when interoperability with existing HTTP infrastructure is required. Each protocol was designed for a different communication shape — using the wrong one adds complexity without adding security. Why standard TLS is not enough for agent-to-agent communication TLS was designed for the client-server model: a browser connects to a server, the server proves its identity with a certificate, and the session ends when the response is delivered. Agent-to-agent communication breaks every one of these assumptions. Agents are peers, not clients and servers. Both sides need to prove identity simultaneously. TLS supports mutual authentication via client certificates, but it treats that as an add-on rather than a first-class primitive.…