Re: Enquiry about TDE with PgSQL - Mailing list pgsql-general

From Christophe Pettus
Subject Re: Enquiry about TDE with PgSQL
Date
Msg-id FC8C7F2D-CD38-42C7-80D3-516239B70A2D@thebuild.com
In response to Re: Enquiry about TDE with PgSQL  (Bruce Momjian <bruce@momjian.us>)
Responses Re: Enquiry about TDE with PgSQL
List pgsql-general
On Oct 31, 2025, at 07:54, Bruce Momjian <bruce@momjian.us> wrote:
> So it seems we have somewhat of a stand-off, with the Postgres project
> questioning the value of TDE and the PCI writers doubling-down on
> specifying disk-level encryption as insufficient.

PCI definitely exhibits a preference away from disk-level encryption, although it doesn't prohibit it: you have to make sure that simply mounting the disk doesn't decrypt it.  Their concern is that if user credentials are compromised, an attacker then has to do something else in order to see the plaintext.  This kind of implies TDE, although they don't use that term.

Now, the road forks here:

1. If a customer wants TDE and isn't interested in hearing about other solutions, then TDE is the only thing that will meet that goal.

2. The PCI spec doesn't specifically offer up TDE as an alternative to disk-level encryption, though.  It exhibits a strong preference for column-level encryption of sensitive data, which doesn't require TDE.

In some ways, there's no real point of discussion.  You can comply with PCI without TDE (I would argue that, in fact, you are in a better position with column-level encryption), but if the organization wants TDE, then the technical arguments rarely matter.
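As an added illustration of the column-level approach the message prefers (this is example SQL, not code from the thread or from the PostgreSQL project), the following uses the pgcrypto contrib extension to encrypt a single sensitive column. The table, the cardholder row and the passphrase are all constructed placeholders; the PAN is the well-known test number, not real data.

```sql
-- Added example: column-level encryption with the pgcrypto extension
-- (shipped in PostgreSQL contrib). Nothing here depends on TDE or on
-- disk-level encryption; the protection lives in the column itself.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE cardholder (
    id        bigserial PRIMARY KEY,
    name      text  NOT NULL,
    pan_enc   bytea NOT NULL,   -- encrypted primary account number
    pan_last4 text  NOT NULL    -- searchable, non-sensitive suffix
);

-- The passphrase is a constructed placeholder. In practice the application
-- fetches it from a key store and passes it per call; it is never stored
-- in the database, so reading the files (or mounting the disk) yields nothing.
INSERT INTO cardholder (name, pan_enc, pan_last4)
VALUES ('Constructed Test Cardholder',
        pgp_sym_encrypt('4111111111111111',            -- standard test PAN
                        'PLACEHOLDER-KEY-FROM-APP',
                        'cipher-algo=aes256'),
        '1111');

-- What a reader of the table (or of the raw data files) sees: ciphertext only.
SELECT id, name, pan_last4, encode(pan_enc, 'hex') AS pan_enc_hex
FROM cardholder;

-- Only a caller that supplies the key recovers the plaintext.
SELECT id, pgp_sym_decrypt(pan_enc, 'PLACEHOLDER-KEY-FROM-APP') AS pan
FROM cardholder;

-- Least privilege on top of the encryption: a reporting role is granted only
-- the non-sensitive columns, so compromised reporting credentials expose
-- neither the ciphertext nor (since it never holds the key) the plaintext.
CREATE ROLE reporting NOLOGIN;
GRANT SELECT (id, name, pan_last4) ON cardholder TO reporting;
```

Two caveats a practitioner would want with this pattern: a passphrase passed as a SQL literal is visible in `pg_stat_activity` and in the server log when statement logging is on, so production deployments normally encrypt and decrypt in the application and send only ciphertext over the wire; and encrypted columns cannot be indexed or searched on their plaintext, which is why a separate, non-sensitive field such as the last four digits is kept for lookups.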

