Message payload should be signed

To prevent rogue clients/pillars/messaging systems from spoofing messages, the message payload shoud be signed by the sender.

This requirement is somewhat misplaced, as it concerns the message payload rather than the messaging system.