Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No, this is easily the biggest flaw in CAA - there is no way to discover which policy broke your access. I have reported this to Google multiple times, even sent this directly to a Google SecEng (a well known one) to route internally. The issue persists and makes configuring CAA extremely painful and error prone.


I am convinced there's someone who thinks debuggable security policies are a security risk and deliberately designs security APIs to be as inscrutable as possible.


It's possible but I suspect it's just Google being a rather incompetent organization.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: