Currently, an error thrown by the BLS verification gets caught and a very generic Signature verification failed is thrown. In most cases, the reason for failure is that the IC public key is used though the message is signed by the local replica. However, in my case, a CSP directive prevented the loading of the wasm, but since this error was caught it took me quite a while to discover this reason:

CompileError: WebAssembly.instantiate(): Refused to compile or instantiate WebAssembly module because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-inline'"

It would be great if we would distinguish between this error and the typical failure to verify the signature.