Different Approaches

The first certification system in any standard was the X.509 Authentication Framework, designed by CCITT/ITU for the purpose of securing the X.500 Directory, and intended to work with a hierarchy of certification authorities.

This was adopted by the IETF for the purpose of Privacy Enhanced Mail (PEM), but anticipated as the Internet public key certification system. The PEM trust model (RFC 1422) defines additional restrictions to the generic X.509v1 in order to overcome weaknesses of X.509v1. In particular, it makes use of very strict certification hierarchies

PGP comes with a totally different approach, assuming that trust starts with bilateral arrangements and grows organically.

The first certification system in any standard was the X.509 Authentication Framework, designed by CCITT/ITU for the purpose of securing the X.500 Directory, and intended to work with a hierarchy of certification authorities.