I vaguely recall there was some conversations about adapting X.509 to use DIDs or replacing X.509 with VCs for use in the TLS protocol. This work didn’t rise to a final paper at #RWOT Santa Barbara. You might want to investigate the repo in topics/ and drafts/
We actually are doing a project in which proofs are digitized using VC’s and in which the DID of the issuer (like for instance a municipality) is referencing a X.509 certificate but the holder does not have to.
This is only a step to a future in which all data is managed by holders and newer SSI solutions get used as these digital proofs can not be used to identify holders (you might still need to prove the verifier you are the one referenced in the proof through a social security number being part of the data that’s being issued as a set) and besides that, the proofs are not valid in court unless bundled with the X509 certificate in a XaDES type of document (ETSI TS 103 171), yet it is perfectly possible to generate such a document when you trust the certificate authority and get it afterwards and the DID is anchored to the issuer X509 certificate (the DID just includes its fingerprint) which is fine for government as the issuer (when really using the same certificate for all) for now.