side note: they also support `did:web` identifiers, which (obviously) do not use that, making the dns the trust root. which is kinda fine, but i'm not sure if their frontend supports creating such accounts, and im not really willing to test that via atproto right now. but the issue is that the `did:web` identifiers will only work for as long as you have access to that domain, basically killing the whole point. and afaiu the protocol doesn't really support migration across did-s yet