Instead of endorsing any sort of a ATProto PDS or anything, I instead have it pointing to my ActivityPub (and other) identifiers in varying forms.
I'm probably the only [non-employee] user (or at least: one of very few) on Bluesky's infrastructure that has full custody and control over their own private keys for their did:plc identity, and yet I don't even have a Bluesky account. Unless I'm just uninformed of something buried somewhere allowing you to export at least one of your rotationKeys (not the signingKey, which is just for signing posts, etc). Because without that, you don't really control your identity at all, only Bluesky exclusively does.
Meanwhile, in this endeavor, I "only" had to:
Write a DAG-CBOR and CIDv1 encoder
Write a Multibase and Multikey encoder and decoder
Write a base58btc encoder/decoder
Write a base32 encoder
Write functions to compress and decompress a secp256k1 public key (involves crypto maths, for decompression)
Write some very adhoc ASN.1 DER encoding/decoding functions (just to encode a raw secp256k1 public key into PEM encoding, to feed to OpenSSL; and then extract the r and s values from the outputted signature from OpenSSL)
Write a function to generate a did:plc identifier, from the genesis operation
Write a lot of test code
With how scarcely some topics are documented, and how scattered many tidbits of info is: I swear some of this is almost intentionally a trap to sell consultancy.
