The serverCert WG are considering a ballot to update requirements for the use of DNSSEC (aka ballot to be SC-085)
cabforum/servercert#579
If passed similar requirements should be considered for the S/MIME BR.