Subject: Re: Enquiry about TDE with PgSQL
From: Christophe Pettus
Date: Fri, 31 Oct 2025 17:16:09 -0700
To: pgsql-general
Cc: Kai Wagner, Laurenz Albe, Ron Johnson, Bruce Momjian
On Oct 31, 2025, at 07:54, Bruce Momjian wrote:

> So it seems we have somewhat of a stand-off, with the Postgres project
> questioning the value of TDE and the PCI writers doubling-down on
> specifying disk-level encryption as insufficient.

PCI definitely exhibits a preference away from disk-level encryption, although it doesn't prohibit it: you have to make sure that simply mounting the disk doesn't decrypt it. Their concern is that if user credentials are compromised, an attacker then has to do something else in order to see the plaintext. This kind of implies TDE, although they don't use that term.

Now, the road forks here:

1. If a customer wants TDE and isn't interested in hearing about other solutions, then TDE is the only thing that will meet that goal.

2. The PCI spec doesn't specifically offer up TDE as an alternative to disk-level encryption, though. It exhibits a strong preference for column-level encryption of sensitive data, which doesn't require TDE.

In some ways, there's no real point of discussion. You can comply with PCI without TDE (I would argue that, in fact, you are in a better position with column-level encryption), but if the organization wants TDE, then the technical arguments rarely matter.
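Column-level encryption of the kind the reply refers to, as an added example (not from the thread or the PostgreSQL project): the sensitive field is stored only as ciphertext produced by pgcrypto's `pgp_sym_encrypt`, and the key is supplied by the application at query time rather than stored in the database, so a copied disk or compromised database credentials alone yield only the ciphertext. The table, the `reporting` role and the key value are constructed for the illustration; in practice the key would come from the application's secret store or KMS.

```sql
-- Added example: column-level encryption with pgcrypto, key held by the
-- application. Run in psql; the key below is a constructed placeholder.
\set app_key 'CONSTRUCTED-DEMO-KEY-REPLACE-WITH-KMS-SUPPLIED-SECRET'

CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE payment_card (
    id       bigserial PRIMARY KEY,
    last4    char(4)   NOT NULL,   -- non-sensitive, safe to search and display
    pan_enc  bytea     NOT NULL    -- ciphertext only; the plaintext PAN is never stored
);

-- The application encrypts before the value ever reaches disk or WAL.
INSERT INTO payment_card (last4, pan_enc)
VALUES ('1111',
        pgp_sym_encrypt('4111111111111111', :'app_key', 'cipher-algo=aes256'));

-- Least privilege: a reporting role may read the table but not the ciphertext
-- column, so it cannot even attempt offline attacks on the stored values.
CREATE ROLE reporting;
GRANT SELECT (id, last4) ON payment_card TO reporting;

-- What anyone with table access (or a mounted copy of the data directory)
-- sees: the ciphertext, not the card number.
SELECT id, last4, pan_enc FROM payment_card;

-- Decryption needs the key in addition to database credentials; this is the
-- "something else" an attacker with only credentials would have to obtain.
SELECT id, pgp_sym_decrypt(pan_enc, :'app_key') AS pan
  FROM payment_card
 WHERE id = 1;
```

The trade-off is operational: encrypted columns cannot be indexed or searched on their plaintext, which is why a separately stored non-sensitive field such as `last4` carries the lookups, and key rotation means re-encrypting the column. Keep the key out of `postgresql.conf`, functions and server-side logs, and avoid `log_statement = 'all'` on sessions that pass the key as a literal, since that would write the secret to the log.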