Date: Fri, 31 Oct 2025 20:21:04 -0400
From: Bruce Momjian
To: Christophe Pettus
Cc: pgsql-general, Kai Wagner, Laurenz Albe, Ron Johnson
Subject: Re: Enquiry about TDE with PgSQL

On Fri, Oct 31, 2025 at 05:16:09PM -0700, Christophe Pettus wrote:
> On Oct 31, 2025, at 07:54, Bruce Momjian wrote:
> > So it seems we have somewhat of a stand-off, with the Postgres
> > project questioning the value of TDE and the PCI writers
> > doubling-down on specifying disk-level encryption as insufficient.
>
> PCI definitely exhibits a preference away from disk-level encryption,
> although it doesn't prohibit it: you have to make sure that simply
> mounting the disk doesn't decrypt it. Their concern is that if
> user credentials are compromised, an attacker then has to do
> something else in order to see the plaintext. This kind of implies
> TDE, although they don't use that term.
>
> Now, the road forks here:
>
> 1. If a customer wants TDE and isn't interested in hearing about other
> solutions, then TDE is the only thing that will meet that goal.
>
> 2. The PCI spec doesn't specifically offer up TDE as an alternative to
> disk-level encryption, though. It exhibits a strong preference for
> column-level encryption of sensitive data, which doesn't require TDE.
>
> In some ways, there's no real point of discussion. You can comply
> with PCI without TDE (I would argue that, in fact, you are in a better
> position with column-level encryption), but if the organization wants
> TDE, then the technical arguments rarely matter.

I think column-level encryption, on the client side, actually does
improve security and is preferable to file system level TDE, and I
think many here feel the same way.

-- 
  Bruce Momjian  https://momjian.us
  EDB            https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.
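The distinction the thread turns on (with TDE, anyone holding valid database credentials sees plaintext; with client-side column-level encryption, the server, its data files and its backups hold only ciphertext) can be made concrete in a few dozen lines. The example below is added here and is not code from the thread or from the PostgreSQL project: it uses an in-memory map as a stand-in for a Postgres table, and `Row`, `Table`, `EncryptColumn`, `DecryptColumn`, `InsertCustomer`, `ReadCustomer` and `StoredContainsPlaintext` are hypothetical names. The sensitive column is sealed with AES-256-GCM before it ever reaches the store, with the row id and column name as associated data so a ciphertext copied from another row is rejected on read.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"strconv"
)

// Row models one record as the database server stores it. The server never
// sees the plaintext of CardRef: the application encrypts before INSERT and
// decrypts after SELECT, so a DB login or a copy of the data files yields
// only ciphertext. (Hypothetical schema, constructed for this example.)
type Row struct {
	ID      int
	Name    string // non-sensitive, stored in the clear
	CardRef []byte // sensitive: nonce || AES-256-GCM ciphertext
}

// Table stands in for the server-side table (in-memory, for the example).
type Table map[int]Row

// columnAAD binds a ciphertext to one row and column, so a value copied from
// another row fails authentication on decrypt.
func columnAAD(id int, column string) []byte {
	return []byte(column + ":" + strconv.Itoa(id))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptColumn seals plaintext under a fresh random nonce; the nonce is kept
// in front of the ciphertext so no extra column is needed.
func EncryptColumn(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// DecryptColumn splits off the nonce and opens the ciphertext; any change to
// the stored bytes, a wrong key, or a mismatched aad makes Open fail.
func DecryptColumn(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// InsertCustomer is the client-side write path: encrypt, then store.
func InsertCustomer(t Table, key []byte, id int, name, cardRef string) error {
	blob, err := EncryptColumn(key, []byte(cardRef), columnAAD(id, "card_ref"))
	if err != nil {
		return err
	}
	t[id] = Row{ID: id, Name: name, CardRef: blob}
	return nil
}

// ReadCustomer is the client-side read path: fetch, then decrypt.
func ReadCustomer(t Table, key []byte, id int) (string, error) {
	row, ok := t[id]
	if !ok {
		return "", errors.New("no such row")
	}
	pt, err := DecryptColumn(key, row.CardRef, columnAAD(id, "card_ref"))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// StoredContainsPlaintext asks the question the PCI text asks of TDE: does
// whoever can read the stored bytes recover the secret? Here it is false.
func StoredContainsPlaintext(t Table, id int, secret string) bool {
	row, ok := t[id]
	return ok && bytes.Contains(row.CardRef, []byte(secret))
}

func main() {
	key := make([]byte, 32) // in practice: from a KMS/HSM, never from the DB host
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	t := Table{}
	_ = InsertCustomer(t, key, 1, "alice", "tok_4111-constructed")
	fmt.Println("stored bytes leak plaintext?", StoredContainsPlaintext(t, 1, "tok_4111-constructed"))
	v, _ := ReadCustomer(t, key, 1)
	fmt.Println("application sees:", v)
}
```

The point of the `StoredContainsPlaintext` check is the property Christophe describes: compromised database credentials, a mounted volume, or a base backup give the attacker the `CardRef` bytes but not the card reference, because the key lives with the application rather than with the database. The associated data is the caveat practitioners usually miss with column-level schemes: without it, a ciphertext from a cheaper row can be moved into a more valuable one and still decrypt cleanly.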