nostr:npub14aavhe5vfq60pqjnrhlw62rfakvt2uzm5g0mwzrcl0kmpud2kp7qxk72lh ActivityPub can use a transport protocol other than HTTPS (if you read the spec in a certain way). I wrote this document which describes self-authenticating activities:

https://codeberg.org/fediverse/fep/src/branch/main/fep/ae97/fep-ae97.md

I think it's a good stating point for p2p-ActivityPub.