If the key identifier isn't known to the oblivious request resource, or the message can't be decrypted, it probably wants to send a clear signal. The signal is definitely not encapsulated at that point, so clients have limited options available to them.
As a first-order suggestion, a 4xx status code generally indicates to the client that it might want to review the information it used. However, more specific error codes might help in specific cases that we deem important or common. Top of the list: when the identified key has been decommissioned.
How does 422 (Unprocessable Content) sound in terms of saying "the content was unusable"? We could go further and recommend the use of RFC 7807 if you think more detail is needed.
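As an added example (not code from this thread or from any OHTTP implementation), here is how a gateway could turn the failures discussed above into an unencapsulated 422 response carrying an RFC 7807 problem document. The header layout is the one from RFC 9458; the problem-type URIs under example.com, the `retired_key_ids` set and the `decrypt` callable are hypothetical.

```python
import json
import struct

# Request header: key id (8 bits), KEM id, KDF id, AEAD id (16 bits each).
HEADER = struct.Struct("!BHHH")
# Hypothetical problem-type namespace; the thread does not define one.
PROBLEM_BASE = "https://example.com/problems/ohttp/"


def problem(slug, title, status=422):
    """Build an RFC 7807 response as (status, headers, body).

    It is sent unencapsulated, so the relay can read it: keep it free of
    anything derived from the request contents.
    """
    doc = {"type": PROBLEM_BASE + slug, "title": title, "status": status}
    headers = {"Content-Type": "application/problem+json"}
    return status, headers, json.dumps(doc).encode()


def open_request(message, active_keys, retired_key_ids, decrypt):
    """Return (plaintext, None) on success or (None, error_response).

    active_keys: key id -> (kem, kdf, aead) currently accepted.
    retired_key_ids: ids that were valid once and are now decommissioned.
    decrypt: hypothetical callable(key_id, message) -> bytes that raises
             ValueError when the message cannot be decrypted.
    """
    if len(message) < HEADER.size:
        return None, problem("malformed", "Encapsulated request is truncated")
    key_id, kem, kdf, aead = HEADER.unpack_from(message)
    if key_id in active_keys:
        if active_keys[key_id] != (kem, kdf, aead):
            return None, problem("suite-mismatch", "Algorithms do not match the key")
        try:
            return decrypt(key_id, message), None
        except ValueError:
            return None, problem("decrypt-failed", "Request could not be decrypted")
    if key_id in retired_key_ids:
        # The case the thread ranks first: tell the client to refetch the config.
        return None, problem("key-decommissioned", "Key has been decommissioned")
    return None, problem("key-unknown", "Key identifier is not recognised")
```

A client that receives `key-decommissioned` can refetch the key configuration, while `key-unknown` or `decrypt-failed` points at a configuration it should stop trusting.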