@happyborg ActivityPub can use a transport protocol other than HTTPS (if you read the spec in a certain way). I wrote this document which describes self-authenticating activities:
https://codeberg.org/fediverse/fep/src/branch/main/fep/ae97/fep-ae97.md
I think it's a good stating point for p2p-ActivityPub.