On Fri, 2025-10-17 at 00:49 -0400, Ron Johnson wrote:
> On Thu, Oct 16, 2025 at 6:05 PM Greg Sabino Mullane <htamfids@gmail.com> wrote:
> >
> > TDE, on the other hand, is a very complex and difficult thing to add into Postgres.
>
> TDE was added to SQL Server, with (to us, at least) minimally-noticed overhead.
> Oracle has it, too, but I don't know the details.
>
> The bottom line is that requirements for TDE are escalating, whether you like it or
> not, as Yet Another Layer Of Defense against hackers exfiltrating data, and then
> threatening to leak it to the public.
Bruce Momjian has interesting things to say about that in
https://compiledconversations.com/6/ (unfortunately I don't remember where
exactly in this 84 minute piece).
It is a feature that users want (or need to comply with whatever they feel
they have to comply with). On the other hand, it has very limited technical
or security value, which hampers its acceptance into core.
Yours,
Laurenz Albe
