I appreciate the research and suggestions. I'd be happy to review a patch submission to fix this. I'm neither a mutt nor an S/MIME user, so perhaps there may be some fallout from simple removal of email-only roots, if there are people using them. There's no way I know of to tell how many users use specific CAs, other than bug reports of "you moved my cheese!", but we could ask for testers :-)
-- Kind regards, Michael