Date: Fri, 31 Oct 2025 12:49:25 -0400
From: Bruce Momjian
To: Laurenz Albe
Cc: Adrian Klaver, Kai Wagner, Ron Johnson, pgsql-general
Subject: Re: Enquiry about TDE with PgSQL

On Fri, Oct 31, 2025 at 05:40:31PM +0100, Laurenz Albe wrote:
> On Fri, 2025-10-31 at 08:21 -0700, Adrian Klaver wrote:
> > Yeah, what I would like to know is how many of the data breaches
> > actually grab directly from the storage versus getting it through the
> > database or other software above the storage? It seems to me social
> > engineering plays a bigger role in this.
>
> This is not about actual security considerations, it is about checkboxes.
> Consequently, rational arguments are missing the point.

I think the big question is that, now with the effective PCI spec
disallowing only storage-level encryption, can we, as a project, continue
to reject in-core TDE because it is a check-box item.

--
  Bruce Momjian  https://momjian.us
  EDB            https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.