Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vEsV6-002KLi-ER
	for pgsql-general@arkaria.postgresql.org; Fri, 31 Oct 2025 17:01:20 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1vEsV5-00GTlS-0L
	for pgsql-general@arkaria.postgresql.org; Fri, 31 Oct 2025 17:01:18 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1vEsV3-00GTlJ-Ri
	for pgsql-general@lists.postgresql.org; Fri, 31 Oct 2025 17:01:17 +0000
Received: from fout-a3-smtp.messagingengine.com ([103.168.172.146])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1vEsUx-005HQK-2Q
	for pgsql-general@postgresql.org;
	Fri, 31 Oct 2025 17:01:16 +0000
Received: from phl-compute-02.internal (phl-compute-02.internal [10.202.2.42])
	by mailfout.phl.internal (Postfix) with ESMTP id 11AE3EC001C;
	Fri, 31 Oct 2025 13:01:09 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163])
  by phl-compute-02.internal (MEProxy); Fri, 31 Oct 2025 13:01:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h=
	cc:cc:content-transfer-encoding:content-type:content-type:date
	:date:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm2; t=1761930069;
	 x=1762016469; bh=2kWDSaeY+SPdo7begigeL0t+K1RiSd2f7YdM/WGGQgs=; b=
	Oy7kpYkzoEWg+ISSVeFe6YqGs4lophRSFPCtcsdnApLSnJ+694JyG6juruU3g6IW
	HP402WjNUCaulS/rQHvOQ6TnzB+UnDPSqckkHexJofw4noxfVTQNj9nnxzXSkkdW
	8/N7R4+hmq+VKFGGoc3VB0hQWYjUVGFQAunBQDr9njPe6VeUABx/jLOj8l2eEKrk
	DqW3h4uPym6wh3u9piSNTShks+J/TP/4gKqQS0M00KL2s4Fs8f1vcNS75lffm34D
	daLgJlB3avVMwgvqaTvWocCURM3pgE683cplXaqUWlQWi3oTfNEH3FDjCMQVzuHR
	WOFA9c2sjJ8+ifV1r1GuNg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-transfer-encoding
	:content-type:content-type:date:date:feedback-id:feedback-id
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1761930069; x=
	1762016469; bh=2kWDSaeY+SPdo7begigeL0t+K1RiSd2f7YdM/WGGQgs=; b=L
	9fN2cDLRPUwkD0vQ5MQaiWElGaMl6ESqpyfJbQmd7+8osF5IKbnGgZVIG1xBAYfW
	+PaiHLIVgJa69C0O/psoV2MwKln/uchAAuypLh76KPupchcJhpNWfmG6Yx8ehdYH
	EvUcBP9s632rS9ePCBZVCVGMCkZqh0yd0zIpRy3ldgykJmr20onweWsCSNNbPr17
	dqJA8bpfZrBfIF5XENZ3kWD7EQxWejbL6AqiJUTyGgT1I3f1FbrtcnYF5fSURIPA
	p8OsmWrM/+CcUQlBNm7Q+m8tljU/udXoFX+F0AdfRz/TaaxrJ9Oda7gE3OKspPiL
	+JJXtFgsEs18yqFIR35qA==
X-ME-Sender: <xms:VOsEae95X6qKuLfQLMrp9NM8CF3ZhoxiAOonPAXgmvBBYiEEkaUBJA>
    <xme:VOsEaaLyHUtR-HvPg0maEIxAn9ngR9flfc8km4GRMe_siFVeQCjq6gLcFlZhqgyAg
    yt89mX36AzBpLLvLqPalv6rWDrgaRAUbqRiad8dxn45rl96ew>
X-ME-Received: <xmr:VOsEaXjuAJXQ_TB_Dls6kGVlOcA1u8G-VCC07fAIQHcJbQpUP2-6oNk6KHnt2OXJQBYYm3kMAt1QQ9WlN3WVWmVCDTqTRA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddujedttdegucetufdoteggodetrf
    dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu
    rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf
    gurhepkfffgggfuffvvehfhfgjtgfgsehtjeertddtvdejnecuhfhrohhmpeetughrihgr
    nhcumfhlrghvvghruceorggurhhirghnrdhklhgrvhgvrhesrghklhgrvhgvrhdrtghomh
    eqnecuggftrfgrthhtvghrnhephfeviefhveelffeftdehudekveefhfeftdegieefveet
    fffgfeehtdfftedutedtnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg
    hilhhfrhhomheprggurhhirghnrdhklhgrvhgvrhesrghklhgrvhgvrhdrtghomhdpnhgs
    pghrtghpthhtohephedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtoheplhgruhhrvg
    hniidrrghlsggvsegthigsvghrthgvtgdrrghtpdhrtghpthhtohepsghruhgtvgesmhho
    mhhjihgrnhdruhhspdhrtghpthhtohepkhgrihdrfigrghhnvghrsehpvghrtghonhgrrd
    gtohhmpdhrtghpthhtoheprhhonhhljhhohhhnshhonhhjrhesghhmrghilhdrtghomhdp
    rhgtphhtthhopehpghhsqhhlqdhgvghnvghrrghlsehpohhsthhgrhgvshhqlhdrohhrgh
X-ME-Proxy: <xmx:VOsEaa4_cknZX5oU08DvbkgVlsuEkBrENyULb6CZN292MLSwjgH55w>
    <xmx:VOsEafYDVibjKCtRiSAGKYq-y-6S9FpCjFYT8T-CjPvo86BT2VH0aQ>
    <xmx:VOsEaf7dlxqzXaMbkE0sM789-j_nfwbx2HD3MtJ4bmZ8REM7qDF-YQ>
    <xmx:VOsEaSB2WeO9ORDKKUZ9o3njmij0q8OETsOaE2MiRmRv_4eEr53teA>
    <xmx:VesEacM4ZgGfwAmMVQ5QLkvkDFyRobA6D-GeYK0CJSNPm44k2S8zy9gC>
Feedback-ID: i76984098:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri,
 31 Oct 2025 13:01:07 -0400 (EDT)
Message-ID: <c0bd6f34-c1c8-4d82-9b02-e78f6d0ee6f1@aklaver.com>
Date: Fri, 31 Oct 2025 10:01:07 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Enquiry about TDE with PgSQL
To: Laurenz Albe <laurenz.albe@cybertec.at>, Bruce Momjian
 <bruce@momjian.us>, Kai Wagner <kai.wagner@percona.com>
Cc: Ron Johnson <ronljohnsonjr@gmail.com>,
 pgsql-general <pgsql-general@postgresql.org>
References: <CACgMzfwSDRF+kQr59h0-xGUobCeFZxwVzE_tUxF18DkVb+vuDQ@mail.gmail.com>
 <CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com>
 <CANzqJaA41CzNjkiQex+A0u9z11i6R3WQZJ+fkXfJO7VJwOMWzg@mail.gmail.com>
 <a1dae4a583d560a90c67872b766ead02ddb13e51.camel@cybertec.at>
 <aQPDvqUzZVKkaxsS@momjian.us>
 <CAG0qCNhL=SEB4vc4v48PxN1F-t8htC463TpX7KDNWQ-s3s8dtA@mail.gmail.com>
 <aQTNmM-3VeTRZdx0@momjian.us>
 <df60c2f9-21df-4c04-a33c-5ae8ec74d431@aklaver.com>
 <045231b7bc903e51229aa2fd8e634bdf690aa4ff.camel@cybertec.at>
Content-Language: en-US
From: Adrian Klaver <adrian.klaver@aklaver.com>
In-Reply-To: <045231b7bc903e51229aa2fd8e634bdf690aa4ff.camel@cybertec.at>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/c0bd6f34-c1c8-4d82-9b02-e78f6d0ee6f1%40aklaver.com>
Precedence: bulk

On 10/31/25 09:40, Laurenz Albe wrote:
> On Fri, 2025-10-31 at 08:21 -0700, Adrian Klaver wrote:
>> Yeah, what I would like to know is how many of the data breaches
>> actually grab directly from the storage versus getting it through the
>> database or other software above the storage? It seems to me social
>> engineering plays a bigger role in this.
> 
> This is not about actual security considerations, it is about checkboxes.
> Consequently, rational arguments are missing the point.

Alright, been there.

Years ago I used to drive a delivery truck for wholesale greenhouse and 
one of my chores was to go to a remote greenhouse we operated and 
pickup/deliver plants. There was a whole process for securing the key 
that you used to open the entry door. I pointed out that the greenhouse 
walls where two layers of plastic inflated by an air blower and then I 
proceeded to pull out my pocket knife as an example of a 'universal' 
key. The door key process stayed because it made people feel the 
greenhouse contents where safe. FYI, things did get stolen though that 
was because folks left them outside and the thieves did not have to 
bother with a knife.


> 
> Yours,
> Laurenz Albe


-- 
Adrian Klaver
adrian.klaver@aklaver.com