Replace free-form verification failure strings with stable reason codes #13

New Issue

galambos · 2026-03-24T18:05:29+01:00

galambos commented

2026-03-24 18:05:29 +01:00

Proof-of-possession verification currently returns several free-form textual reasons such as "Invalid CSR", "CSR SPKI missing", "Unsupported CSR algorithm", and "Verification failed". This is visible in both BC-based and workflow-based PoP verifiers.

Why this matters

Highly regulated environments benefit from stable reason codes that can be audited, localized, mapped to UI/API responses, and used in policy analytics without brittle string comparison.

Acceptance criteria

Introduce stable reason-code constants or a reason enum-like model.
Keep optional human-readable text separate from machine-stable semantics.
Align both PoP verifier implementations.
Update tests and JavaDoc.

Proof-of-possession verification currently returns several free-form textual reasons such as "Invalid CSR", "CSR SPKI missing", "Unsupported CSR algorithm", and "Verification failed". This is visible in both BC-based and workflow-based PoP verifiers. ## Why this matters Highly regulated environments benefit from stable reason codes that can be audited, localized, mapped to UI/API responses, and used in policy analytics without brittle string comparison. ## Acceptance criteria - Introduce stable reason-code constants or a reason enum-like model. - Keep optional human-readable text separate from machine-stable semantics. - Align both PoP verifier implementations. - Update tests and JavaDoc.

galambos added this to the PKI Foundation Hardening and Regulated Operations Roadmap project 2026-03-24 18:56:06 +01:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Egothor/ZeroEcho#13