diff --git a/ra/registration-authority.go b/ra/registration-authority.go
index 92669a6b4..505352a69 100644
--- a/ra/registration-authority.go
+++ b/ra/registration-authority.go
@@ -59,15 +59,11 @@ func (ra *RegistrationAuthorityImpl) NewRegistration(init core.Registration, key
 }
 
 func (ra *RegistrationAuthorityImpl) NewAuthorization(request core.Authorization, regID int64) (authz core.Authorization, err error) {
-	if regID == 0 {
-		err = fmt.Errorf("Registration ID cannot be 0")
-	}
-
 	identifier := request.Identifier
 
 	// Check that the identifier is present and appropriate
 	if err = ra.PA.WillingToIssue(identifier); err != nil {
-		return
+		return authz, err
 	}
 
 	// Create validations
@@ -75,7 +71,7 @@ func (ra *RegistrationAuthorityImpl) NewAuthorization(request core.Authorization
 	challenges, combinations := ra.PA.ChallengesFor(identifier)
 	authID, err := ra.SA.NewPendingAuthorization()
 	if err != nil {
-		return
+		return authz, err
 	}
 	for i := range challenges {
 		// Ignoring these errors because we construct the URLs to be correct
@@ -84,7 +80,7 @@ func (ra *RegistrationAuthorityImpl) NewAuthorization(request core.Authorization
 
 		if !challenges[i].IsSane(false) {
 			err = fmt.Errorf("Challenge didn't pass sanity check: %+v", challenges[i])
-			return
+			return authz, err
 		}
 	}
 
@@ -100,7 +96,7 @@ func (ra *RegistrationAuthorityImpl) NewAuthorization(request core.Authorization
 
 	// Store the authorization object, then return it
 	err = ra.SA.UpdatePendingAuthorization(authz)
-	return
+	return authz, err
 }
 
 func (ra *RegistrationAuthorityImpl) NewCertificate(req core.CertificateRequest, regID int64) (core.Certificate, error) {
diff --git a/sa/storage-authority_test.go b/sa/storage-authority_test.go
index 2942b36a7..ac4bc339d 100644
--- a/sa/storage-authority_test.go
+++ b/sa/storage-authority_test.go
@@ -56,6 +56,9 @@ func TestAddRegistration(t *testing.T) {
 	test.AssertNotError(t, err, "Couldn't create new registration")
 	test.Assert(t, reg.ID != 0, "ID shouldn't be 0")
 
+	_, err = sa.GetRegistration(0)
+	test.AssertError(t, err, "Registration object for ID 0 was returned")
+
 	dbReg, err := sa.GetRegistration(reg.ID)
 	test.AssertNotError(t, err, fmt.Sprintf("Couldn't get registration with ID %v", reg.ID))
 
@@ -74,11 +77,15 @@ func TestAddRegistration(t *testing.T) {
 	test.AssertNotError(t, err, fmt.Sprintf("Couldn't get registration with ID %v", reg.ID))
 
 	dbReg, err = sa.GetRegistrationByKey(jwk)
-	test.AssertNotError(t, err, "Couldn't update registration by key")
+	test.AssertNotError(t, err, "Couldn't get registration by key")
 
 	test.AssertEquals(t, dbReg.ID, newReg.ID)
 	test.AssertEquals(t, dbReg.RecoveryToken, newReg.RecoveryToken)
 	test.AssertEquals(t, dbReg.Agreement, newReg.Agreement)
+
+	jwk.KeyID = "bad"
+	_, err = sa.GetRegistrationByKey(jwk)
+	test.AssertError(t, err, "Registration object for invalid key was returned")
 }
 
 func TestAddAuthorization(t *testing.T) {