My impression is that the behavior of RSET has never been defined with respect
to authentication, and that the Right Thing for RSET to do with respect to
authentication is absolutely nothing.
A separate question is whether RSET affects anything in an SMTP extension.
It's easy to say that RSET doesn't affect extensions, but I doubt that's the
right tack. RSET should definitely affect CHUNKING, for instance. But I think
RSET should only affect the current message being sent.
With respect to authentication, it's arguable that there should be some way to
"logout" without ending the current TCP session. But that would have to be a
separate SMTP extension.