Why separate Gossip and RPC encryption methods?

Can someone explain why Consul encryption uses two separate methods? For example, Gossip encryption uses a shared key while RPC encryption uses PKI X.509 certificates.

Wouldn’t it be simpler and easier on secrets sprawl to have the option to encrypt all communications with the X.509 certificate?

I had the same query, looked it up in the docs, and this is what I found :)
TLS (for TCP) is used to secure the RPC calls between agents, but gossip between nodes is done over UDP and is secured using a symmetric key (probably the reason, perhaps).

Ahh… it’s UDP, that’s why. Makes sense now.
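
An added example, not part of the thread and not Consul's own code: a Go sketch of why a shared symmetric key suits gossip over UDP. Each datagram is sealed and opened on its own, with no handshake or per-peer session. The names `aead`, `seal` and `open`, the choice of AES-GCM, and the `nonce || ciphertext || tag` layout are assumptions for illustration, not Consul's wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// aead builds AES-GCM from the cluster-wide shared key (16, 24 or 32 bytes).
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts one datagram; the fresh random nonce travels inside the packet.
func seal(key, msg []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, msg, nil), nil // nonce || ciphertext || tag
}

// open authenticates and decrypts a single datagram without any prior state.
func open(key, pkt []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	if len(pkt) < g.NonceSize()+g.Overhead() {
		return nil, errors.New("datagram too short")
	}
	return g.Open(nil, pkt[:g.NonceSize()], pkt[g.NonceSize():], nil)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, never use in a cluster
	pkt, _ := seal(key, []byte("node-a alive"))
	msg, err := open(key, pkt)
	fmt.Println(string(msg), err)
}
```

Any node holding the key can verify any packet regardless of arrival order or loss, whereas TLS needs a handshake over an ordered, reliable stream before the first byte of application data.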