Stop signing synthetic messages
Ultimately, the validity of a synthetic message is proved by a receipt from the message's hash to a directory anchor. Previously, the executor would accept a partial receipt and store the synthetic transaction on a pending list until the full receipt was received. Because the receipt could not be validated until it was completed, a malicious user could clog the system with spurious synthetic transactions. To prevent this, synthetic transactions also had to be signed with a validator key.
However since #3170 (closed) removed support for partial receipts, this is no longer necessary. A synthetic message must be accompanied by a complete proof, therefore the validator key signature is now redundant. Updating the system to support non-transaction synthetic messages is significantly complicated by these validator signatures since signatures are designed to sign transactions and do not readily support signing other types of messages.
So, stop signing synthetic messages.