Re: Enquiry about TDE with PgSQL

From: Chris Travers <chris(dot)travers(at)gmail(dot)com>
To: Christophe Pettus <xof(at)thebuild(dot)com>
Cc: "Clay Jackson (cjackson)" <Clay(dot)Jackson(at)quest(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-general <pgsql-general(at)postgresql(dot)org>, Kai Wagner <kai(dot)wagner(at)percona(dot)com>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Ron Johnson <ronljohnsonjr(at)gmail(dot)com>
Subject: Re: Enquiry about TDE with PgSQL
Date: 2025-11-01 04:18:43
Message-ID: CAKt_ZfuwPgG_nJHp6S=8k_+NdA6Op7hE0z7+s4-HuBqr1cnwsg@mail.gmail.com
Lists: pgsql-general

I maintain that the way forward is to get TDE in core. Perhaps someone
could pick up the previous patches and try to push them again.

Best Wishes,
Chris Travers

On Sat, Nov 1, 2025, 8:36 AM Christophe Pettus <xof(at)thebuild(dot)com> wrote:

> On Oct 31, 2025, at 17:24, Clay Jackson (cjackson) <Clay(dot)Jackson(at)quest(dot)com> wrote:
> >
> > I can't disagree - but the question then becomes, as Markus and others
> > have pointed out; would that allow a customer/user to check the
> > "Encryption" box for PCI or any other "compliance review"?
>
> The answer is: it depends (doesn't it always?). Doing secure column-level
> encryption meets the PCI standard, and a competent PCI auditor will know
> that. However, TDE has this cachet as being "the way one does it," and if
> the organization is that way, it's hard to move them off of it.
>
> As a sign of how the PCI world views TDE, at least one of the major credit
> card associations does not use it, and they have literally everyone's
> credit card number, with expiration date and CVV, sitting on their disks.
>
>
