The following do not appear to be well address in the present ESS
1. For the message S1(S2(M)) - If S2 validates and contains a receipt
request but S1 fails to validate. Should the receipt be generated?
2. For the message S1(S2(M)) - If S2 validates and contains a receipt
request, S1 contains an MLExpansionHistory attribute, but cannot be
validate due to either a) missing certificate or b) unknown signing
algorithm. Should a) the receipt be generated and b) the
MLExpansionHistory attribute be obeyed?
3. The following is a "new" case S1(E1(?)) - S1 contains a receipt
request, E1 cannot be decrypted due to the lack of a lock box for the
receipient. Should a receipt be generated?