Here once again a nice article on these two different systems to use cryptography in a seamless way. What I discovered recently is that there is a list of certificates of authorities that comes preloaded in every mail client. This gives an advantage to the users of these system to have already a degree of international trust. Here at EPFL, for instance, we have our own CE certificate but is not going to be recognized when you open a message signed by our system.

Now, who is going to decide which authorities are going to be trustable by default?