For de-vs mode it will be useful to distinguish between different Root CA. An additional flag along with a certchain compliance check can support this.
A use case for this is to allow the use of S/MIME for de-vs mode and for standard mode while clearly indicating compliant certificates. As of now all certificates matching compliant algorithms are indicated as compliant. The new flag could be used to distinguish between them.