Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v9eTR-004ce1-10 for pgsql-general@arkaria.postgresql.org; Fri, 17 Oct 2025 07:02:00 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1v9eTP-000Kn8-E5 for pgsql-general@arkaria.postgresql.org; Fri, 17 Oct 2025 07:01:58 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1v9eTP-000Kmu-22 for pgsql-general@lists.postgresql.org; Fri, 17 Oct 2025 07:01:58 +0000 Received: from mail-ej1-x62e.google.com ([2a00:1450:4864:20::62e]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1v9eTL-002fXH-0s for pgsql-general@postgresql.org; Fri, 17 Oct 2025 07:01:57 +0000 Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-b48d8deafaeso328736966b.1 for ; Fri, 17 Oct 2025 00:01:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybertec.at; s=google; t=1760684514; x=1761289314; darn=postgresql.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:from:to:cc:subject:date :message-id:reply-to; bh=dTV0aG0CtqtvyKD4R8FNMiSXlKRE2s25FiSfQFDJ49g=; b=r9ZGuheuFZc1f4XKAScOKXYxQ1ZOJuK7uHxRVCB32tRLD5zOwsCY4FGqXK7KtoSNGG xgCcctzOF0cMqueNxsMb/lWtCWTfxZr0gykGokSiXEBtnemBQN/yOGN6JrjZUw0cgUS6 UfTmAk/t+m7zUUttg4fig8nLL6CYbYIm1UCFRbTXiM3fhol4XKJoenfx82kzm0pQP1Qf AKjhCxy9qmRlhecsclxV2NL3tzS+msyF3ZGuj5hR7tgXXQ7t7dnyoqgQnb8UxMCgnGKn TgdOM3OuSJm+MKsH6Ovc92YgTwRRaihQjpqtl86N1pGNHoasx9XkWk+ctM2cpHVbItYp THaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1760684514; x=1761289314; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=dTV0aG0CtqtvyKD4R8FNMiSXlKRE2s25FiSfQFDJ49g=; b=Rb/yKKuEqs1QOaTAt4lUItqEjYRiq8ZjpYT5UYFv7w9QnjbKKLwO1N0S+KVBSU/eFd VuPl5uS3jy7n2hgA4/BdU0hfdyTwU9pn43DHJGVgdbPPLtiyIYeDUDYKy5Qo/rxXTrIb IlUVyRwZ9CYhazjXEbUJVIM/qHnv/79USSg1gnKNJx79Tj6ZX72PQ80Jw+o4rdV0GPd6 psMvH0og44lTm39IiZFkpsM4P1Emk5cJtVVodXXGGYr79/E351+O4QoEx9vH7hh3iJDj zHTnCZYkVtLLpVZHNcNXWawbTpHXPLAvmvMuxoPzCuBk1H11i1CsO///cew2jYGDFF0z 2RvQ== X-Forwarded-Encrypted: i=1; AJvYcCW0+GSDYapdzR37UXxih2rbifXeke1gCjhewdIg7J5APHuwcy+ClrkE+GSm3UmemckSa4tFRfterBYbjK7P@postgresql.org X-Gm-Message-State: AOJu0YyeWr8MmrFjCobKEo1tTAicsym0urqJlEcgIMkoTSXk+j/4PGXH IQcnIT/nvjYSZLbzwvS+PpgozJ6MxGsShMKXn2OswemRQdTCGU1CXRwEo4kv5ukOBYg= X-Gm-Gg: ASbGnctwelLOYhiChUFCYXcPbhrxxqGm2J6H26Ryq950oHh058gkrSzS7ICNrVLu9nZ hfc1SKIshMEli4ZxQEgJtWLPSpsbx5e37vSmeZiPdXWslSd9mEMWyblHfg/HIJ/R3l6EBRqV8D1 tp+4fcHrPLVt5ybSxLmz9BEoVZIoZbVXuBcfR+QyDXkr1DojqLhPKDHrSo9pJZYsqV0ebEzlYef 8KS0S1yjD8wQcfXtZrK8q/9unCt/bqowP8eYdA6rTlkKB85R9+xLjgmZZDG7ep6VFmYP1CXItr8 LkIGypzgFKT1KzWNcG29j3X0XNw0aN8P1jdALOSPdSlxi2Q4BQYQ++rbN2y5OaV/0wHfVLpA3eu Os1W68B6Qc6P/UjMnf2ElZkLs8gaVXKlVjwMsvfGgdZKz9VO2Kfx7z6WKnzTL9y/u+yG4iy0K49 Ii4sQ6qP2yw/4OBblY8akxtSLkuoqI2Q== X-Google-Smtp-Source: AGHT+IE8/daKUNDIv/DFsujqFpmGQ5T8KjzBw7r4pevD4CY8g6DdJmmOtWhSmUBLpMns7XKvBzgYPQ== X-Received: by 2002:a17:907:c06:b0:b46:8bad:6977 with SMTP id a640c23a62f3a-b647235ff0emr320479366b.18.1760684513882; Fri, 17 Oct 2025 00:01:53 -0700 (PDT) Received: from laurenz.albe-K4N0CV00F97414D ([2001:871:70:67ae:d15b:e7de:415c:f77f]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-63c0eb3a235sm3179530a12.30.2025.10.17.00.01.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 17 Oct 2025 00:01:53 -0700 (PDT) Message-ID: Subject: Re: Enquiry about TDE with PgSQL From: Laurenz Albe To: Ron Johnson , pgsql-general Date: Fri, 17 Oct 2025 09:01:52 +0200 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.56.2 (3.56.2-2.fc42) MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, 2025-10-17 at 00:49 -0400, Ron Johnson wrote: > On Thu, Oct 16, 2025 at 6:05=E2=80=AFPM Greg Sabino Mullane wrote: > >=20 > > TDE, on the other hand, is a very complex and difficult thing to add in= to=C2=A0Postgres. >=20 > TDE was added to SQL Server, with (to us, at least) minimally-noticed ove= rhead. > Oracle has it, too, but I don't know the details. >=20 > The bottom line is that requirements for TDE are escalating, whether you = like it or > not, as Yet Another Layer Of Defense against hackers exfiltrating data, a= nd then > threatening to leak it to the public. Bruce Momjian has interesting things to say about that in https://compiledconversations.com/6/ (unfortunately I don't remember where exactly in this 84 minute piece). It is a feature that users want (or need to comply with whatever they feel they have to comply with). On the other hand, it has very limited technica= l or security value, which hampers its acceptance into core. Yours, Laurenz Albe