public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Christophe Pettus <[email protected]>
Cc: pgsql-general <[email protected]>
Cc: Kai Wagner <[email protected]>
Cc: Laurenz Albe <[email protected]>
Cc: Ron Johnson <[email protected]>
Subject: Re: Enquiry about TDE with PgSQL
Date: Fri, 31 Oct 2025 20:21:04 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <CACgMzfwSDRF+kQr59h0-xGUobCeFZxwVzE_tUxF18DkVb+vuDQ@mail.gmail.com>
<CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com>
<CANzqJaA41CzNjkiQex+A0u9z11i6R3WQZJ+fkXfJO7VJwOMWzg@mail.gmail.com>
<[email protected]>
<[email protected]>
<CAG0qCNhL=SEB4vc4v48PxN1F-t8htC463TpX7KDNWQ-s3s8dtA@mail.gmail.com>
<[email protected]>
<[email protected]>
On Fri, Oct 31, 2025 at 05:16:09PM -0700, Christophe Pettus wrote:
> On Oct 31, 2025, at 07:54, Bruce Momjian <[email protected]> wrote:
> > So it seems we have somewhat of a stand-off, with the Postgres
> > project questioning the value of TDE and the PCI writers
> > doubling-down on specifying disk-level encryption as insufficient.
>
> PCI definitely exhibits a preference away from disk-level encryption,
> although it doesn't prohibit it: you have to make sure that simply
> mounting the disk doesn't decrypt it. Their concern is that if
> user credentials are compromised, and an attacker then has to do
> something else in order to see the plaintext. This kind of implies
> TDE, although they don't use that term.
>
> Now, the road forks here:
>
> 1. If a customer wants TDE and isn't interested in hearing about other
> solutions, then TDE is only thing that will meet that goal.
>
> 2. The PCI spec doesn't specifically offer up TDE as an alternative to
> disk-level encryption, though. It exhibits a strong preference for
> column-level encryption of sensitive data, which doesn't require TDE.
>
> In some ways, there's no real point of discussion. You can comply
> with PCI without TDE (I would argue that, in fact, you are in a better
> position with column-level encryption), but if the organization wants
> TDE, then the technical arguments rarely matter.
I think column-level encryption, on the client side, actually does
improve security and is preferable to file system level TDE, and I think
many here feel the same way.
--
Bruce Momjian <[email protected]> https://momjian.us
EDB https://enterprisedb.com
Do not let urgent matters crowd out time for investment in the future.
view thread (36+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Enquiry about TDE with PgSQL
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox