On Fri, Oct 17, 2025 at 3:01 AM Laurenz Albe <[email protected]> wrote:
> On Fri, 2025-10-17 at 00:49 -0400, Ron Johnson wrote: > > On Thu, Oct 16, 2025 at 6:05 PM Greg Sabino Mullane <[email protected]> > wrote: > > > > > > TDE, on the other hand, is a very complex and difficult thing to add > into Postgres. > > > > TDE was added to SQL Server, with (to us, at least) minimally-noticed > overhead. > > Oracle has it, too, but I don't know the details. > > > > The bottom line is that requirements for TDE are escalating, whether you > like it or > > not, as Yet Another Layer Of Defense against hackers exfiltrating data, > and then > > threatening to leak it to the public. > > Bruce Momjian has interesting things to say about that in > https://compiledconversations.com/6/ (unfortunately I don't remember where > exactly in this 84 minute piece). > > It is a feature that users want (or need to comply with whatever they feel > they have to comply with). On the other hand, it has very limited > technical > or security value, which hampers its acceptance into core. > I gave you a reason: "Yet Another Layer Of Defense against hackers exfiltrating data". It's the same reason PgBackRest encrypts backups. -- Death to <Redacted>, and butter sauce. Don't boil me, I'm still alive. <Redacted> lobster!
