Re: What are VCs similar to?

Michael – there is no question that you can add properties to an X.509 cert… as you say, folks have been doing it for quite some time. What I called out, which is a key part of a VC (and the protected headers of a *AdES package), is that those properties are tamper-evidently secured.


From: Michael Herman (Trusted Digital Web)
Date: Monday, August 23, 2021 at 10:02 AM
To: Leonard Rosenthol, Henry Story
Cc: public-credentials
Subject: RE: What are VCs similar to?
RE: you can’t attach other data in a tamper-evident way, to a cert.

I believe you actually can (but may be wrong at the edges).

Back in 2002, as a founding Groove Networks business partner, I built a software licensing key solution called Parallelspace Softpass that uses custom properties in X.509 certificates to encode the software license for a specific application, specific edition of the apps, specific up-sell options, etc. to run on specific computers. We used the Certificate Authority service on a Windows Server 2000 box. We used the default Windows CA web GUI to initiate the creation of each cert and then used some sort of Windows CA command line tool to add our custom properties. Then we went back into the Windows CA web GUI to issue and download the physical X.509 certificate (as well as our own root certificate) and we would email these as plain old attachments to our customers.

For historical interest, attached is a copy of the Parallelspace SoftPass programmers' guide.

But even cooler, it appears that in 2002 I had a sense for what a “decentralized software solutions business ecosystem” might be comprised of (from page 6)…


I guess I’ve been working on decentralized software solutions for 19 years. 😉 😊

Best regards,
Michael Herman
Far Left Self-Sovereignist

Self-Sovereign Blockchain Architect
Trusted Digital Web
Hyperonomy Digital Identity Lab
Parallelspace Corporation


From: Leonard Rosenthol
Sent: August 23, 2021 7:28 AM
To: Henry Story; Michael Herman (Trusted Digital Web)
Cc: public-credentials
Subject: Re: What are VCs similar to?

I would argue that a VC is *NOTHING* like an X.509 cert….  It is, instead, some piece of data *signed by* an X.509 cert.

Consider that you can’t sign things with a VC and you can’t attach other data in a tamper-evident way, to a cert.   If anything, a VC is more like a CAdES or XAdES-encoded blob of data.


From: Henry Story
Date: Monday, August 23, 2021 at 7:03 AM
To: Michael Herman (Trusted Digital Web)
Cc: public-credentials
Subject: Re: What are VCs similar to?

> On 23. Aug 2021, at 11:49, Michael Herman (Trusted Digital Web) wrote:
> If you assume a simple definition of a Verifiable Credentials platform as a set of data models and protocols for creating and verifying verifiable data packets and their exchange between 2 or more software agents (don't get hung up on the specific wording), what existing protocols/platform standards, in your mind, are the most similar to VCs (at a top-level)?
> - DNS?
> - TCP packets?
> - SOAP messages?
> - something else?

X509 Certificates (with 40 years of tech improvements added to them).

A Verifiable Claim is just signed content, and the big leap of the VC stack is that
it is built on well-defined, open, extensible logics.


> Michael Herman

Received on Monday, 23 August 2021 14:44:04 UTC