Re: [PATCHES] Post-special page storage TDE support - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: [PATCHES] Post-special page storage TDE support
Date
Msg-id Z28G633Cqg7mR2Zh@momjian.us
In response to Re: [PATCHES] Post-special page storage TDE support  (Greg Sabino Mullane <htamfids@gmail.com>)
Responses Re: [PATCHES] Post-special page storage TDE support
List pgsql-hackers
On Fri, Dec 27, 2024 at 12:25:11PM -0500, Greg Sabino Mullane wrote:
> On Fri, Dec 27, 2024 at 10:12 AM Bruce Momjian <bruce@momjian.us> wrote:
> 
>     The value of TDE is limited from a security value perspective, but high on
>     the list of security policy requirements.  Our community is much more
>     responsive to actual value vs policy compliance value.
> 
> 
> True. The number of forks, though, makes me feel this is a "when", not "if"
> feature. Has there been any other complex feature forked/implemented by so
> many? Maybe columnar storage?

That is a great question.  We have TDE implementations from EDB,
Fujitsu, Percona, Cybertec, and Crunchy Data, and perhaps others, and
that is a lot of duplicated effort.

As far as parallels, I think compatibility with Oracle and MSSQL are
areas that several companies have developed that the community is
unlikely to ever develop, I think because they are pure compatibility,
not functionality.  I think TDE having primarily policy compliance value
also might make it something the community never develops.

I think this blog post is the clearest I have seen about the technical
value vs. policy compliance value of TDE:

    https://www.percona.com/blog/why-postgresql-needs-transparent-database-encryption-tde/

One possible way TDE could be added to community Postgres is if the code
changes required were reduced due to an API redesign.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.




