Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vEsa3-002MuT-52
	for pgsql-general@arkaria.postgresql.org; Fri, 31 Oct 2025 17:06:26 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vEsa1-00Ga6T-V5
	for pgsql-general@arkaria.postgresql.org; Fri, 31 Oct 2025 17:06:25 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <bruce@momjian.us>)
	id 1vEsa1-00Ga6K-Kn
	for pgsql-general@lists.postgresql.org; Fri, 31 Oct 2025 17:06:24 +0000
Received: from momjian.us ([72.94.173.45])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <bruce@momjian.us>)
	id 1vEsZy-004lgr-39
	for pgsql-general@postgresql.org;
	Fri, 31 Oct 2025 17:06:23 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us;
	s=2025010100; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:
	Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID:
	Content-Description; bh=op7Iz8OQBFM7DVzPjP3eAKQZwxjRgfO/oO6IM6OFCws=; b=fHQul
	Uu727qAPh2CSuLDXAuI0Yed4ZWZlktpzYbKzSunKS/9Br8zCCsFyN0gMpi4J+9H19wa67reydTnuA
	B4bn+09mH8vE9gAOr+rSTYyotkkx7rHYpqety6kxbkG0386l4GSNNy1amKdMjV7n6GEYItG48ozYJ
	tZp2qG0zxnb7iSLfJc+Z3dSnrfKzZFP9sTOH7z69fj+vfE6M0/Y1JIDHCLa95A2qzc2Lpbpbqh8XD
	/tXq4aTy4V72aFwdL0wyjGHdTvivQ7GcDOuFDy96GkFz8lgKx/3rO37APsveBsBLlFc2TP6zT7C+m
	n78FDAUNqLMPQGvYLWfiuWwQBvOqg==;
Received: from bruce by momjian.us with local (Exim 4.98.2)
	(envelope-from <bruce@momjian.us>)
	id 1vEsZx-000000094IR-1ENB;
	Fri, 31 Oct 2025 13:06:21 -0400
Date: Fri, 31 Oct 2025 13:06:21 -0400
From: Bruce Momjian <bruce@momjian.us>
To: Christophe Pettus <xof@thebuild.com>
Cc: Adrian Klaver <adrian.klaver@aklaver.com>,
	Kai Wagner <kai.wagner@percona.com>,
	Laurenz Albe <laurenz.albe@cybertec.at>,
	Ron Johnson <ronljohnsonjr@gmail.com>,
	pgsql-general <pgsql-general@postgresql.org>
Subject: Re: Enquiry about TDE with PgSQL
Message-ID: <aQTsjVoYDWU2GaLJ@momjian.us>
References: <CACgMzfwSDRF+kQr59h0-xGUobCeFZxwVzE_tUxF18DkVb+vuDQ@mail.gmail.com>
 <CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com>
 <CANzqJaA41CzNjkiQex+A0u9z11i6R3WQZJ+fkXfJO7VJwOMWzg@mail.gmail.com>
 <a1dae4a583d560a90c67872b766ead02ddb13e51.camel@cybertec.at>
 <aQPDvqUzZVKkaxsS@momjian.us>
 <CAG0qCNhL=SEB4vc4v48PxN1F-t8htC463TpX7KDNWQ-s3s8dtA@mail.gmail.com>
 <aQTNmM-3VeTRZdx0@momjian.us>
 <df60c2f9-21df-4c04-a33c-5ae8ec74d431@aklaver.com>
 <E94D3E44-8BF5-45F8-9497-3918A8488706@thebuild.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E94D3E44-8BF5-45F8-9497-3918A8488706@thebuild.com>
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/aQTsjVoYDWU2GaLJ%40momjian.us>
Precedence: bulk

On Fri, Oct 31, 2025 at 10:04:35AM -0700, Christophe Pettus wrote:
>
>
> > On Oct 31, 2025, at 08:21, Adrian Klaver <adrian.klaver@aklaver.com>
> > wrote:  Yeah, what I would like to know is how many of the data
> > breaches actually grab directly from the storage versus getting it
> > through the database or other software above the storage?
>
> Essentially zero.
>
> PCI, like a lot of data security standards, are a magpie's assemblage
> of things that the authors have heard about all of which sound
> "secure" to them.  However, since these particular magpies have
> machine guns (metaphorically) and can do serious damage to businesses,
> we must play along with the masquerade.

Yes, we have been avoiding the masquerade for years.  The question is
can we continue.  From the lack of discussion since April 1, 2025, it
seems the answer is yes.


-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.