Re: Enquiry about TDE with PgSQL
Adrian Klaver <adrian.klaver@aklaver.com>
From: Adrian Klaver <adrian.klaver@aklaver.com>
To: Bruce Momjian <bruce@momjian.us>, Kai Wagner <kai.wagner@percona.com>
Cc: Laurenz Albe <laurenz.albe@cybertec.at>,
Ron Johnson <ronljohnsonjr@gmail.com>,
pgsql-general <pgsql-general@postgresql.org>
Date: 2025-10-31T15:21:18Z
Lists: pgsql-general
On 10/31/25 07:54, Bruce Momjian wrote: > On Fri, Oct 31, 2025 at 03:01:48PM +0100, Kai Wagner wrote: >> With the PCI DSS v4.1 standard, one key rule to comply with is, that "If PAN is > > Uh, I think you mean the 4.0.1 standard, which became active on January > 1, 2025. I am surprised this is only being mentioned now: > So it seems we have somewhat of a stand-off, with the Postgres project > questioning the value of TDE and the PCI writers doubling-down on > specifying disk-level encryption as insufficient. Yeah, what I would like to know is how many of the data breaches actually grab directly from the storage versus getting it through the database or other software above the storage? It seems to me social engineering plays a bigger role in this. -- Adrian Klaver adrian.klaver@aklaver.com