What happened?

The specification does not make clear that A2A Servers have responsibility for checking server certificates when delivering responses through web hooks.
It would be beneficial to users to understand that certificate validation requirements are uniform regardless of synchronous or asynchronous delivery options.
This appears to be the intension, so filing on that assumption as a bug against the specification. Please correct me if I'm wrong!

Relevant log output

Code of Conduct

• I agree to follow this project's Code of Conduct