(First, thanks to everyone who has worked on gnus.  I haven't updated
for a while and have been running from old git in late 2013 (because it
worked).  I am trying to get S/MIME going and updated to the m0-13 tag.
I did not notice any trouble, which is great!)

I'm a longtime epg user with gnupg (coming from mailcrypt and then pgg),
and generally it works well.  I am now trying to get set up with S/MIME
to interact with some people who do encrypted mail that way, and finding
it harder than it seems I should.

Part of my problem is the mysterious "No CA configured" error.   That
seems to come from smime.el, but I've tried to configure the use of epg
and thus gpgsm, and that seems to actually work.

Specific questions:

0) I put in .emacs:

      (setq mml-smime-use 'epg)

Is that sufficient and appropriate to make gnus use epg/gpgsm for
S/MIME?

1) What is the thinking on the default for smime between epg/gpgsm and
openssl?  It seems to me that gpgsm is set up for passphrases and also
to mark keys/CAs trusted or not in a more flexible manner, so that seems
preferred.   But Simon wrote smime.el, so I don't want to jump to
conclusions.

2) Are people sure that there are no control flow leaks into the openssl
code when epg is configured?  I am set up for gpgsm, and verifying
messages that are from myself and signed or signed and encrypted seems
to work.  Verifying a message that is encrypted but not signed from
someone else gives the "No CA configured" error.  However, while doing
this, I see that gpgsm was run and openssl was not (from atimes on the
binaries).

3) When verifying openpgp/mime, I am notified of decryption status as
well as signatures, so that I know the message was encrypted.   I don't
see any hint of this with epg/gpgsm.  Any advice, other than figure it
out and send a patch?

Thanks,
Greg