Re: [PATCHES] Post-special page storage TDE support

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Greg Sabino Mullane <htamfids(at)gmail(dot)com>
Cc: David Christensen <david(dot)christensen(at)crunchydata(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: [PATCHES] Post-special page storage TDE support
Date: 2024-12-27 19:58:35
Message-ID: Z28G633Cqg7mR2Zh@momjian.us
Lists: pgsql-hackers

On Fri, Dec 27, 2024 at 12:25:11PM -0500, Greg Sabino Mullane wrote:
> On Fri, Dec 27, 2024 at 10:12 AM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>
> The value of TDE is limited from a security value perspective, but high on
> the list of security policy requirements.  Our community is much more
> responsive to actual value vs policy compliance value.
>
>
> True. The number of forks, though, makes me feel this is a "when", not "if"
> feature. Has there been any other complex feature forked/implemented by so
> many? Maybe columnar storage?

That is a great question. We have TDE implementations from EDB,
Fujitsu, Percona, Cybertec, and Crunchy Data, and perhaps others, and
that is a lot of duplicated effort.

As far as parallels, I think compatibility with Oracle and MSSQL are
areas that several companies have developed that the community is
unlikely to ever develop, I think because they are pure compatibility,
not functionality. I think TDE having primarily policy compliance value
also might make it something the community never develops.

I think this blog post is the clearest I have seen about the technical
value vs. policy compliance value of TDE:

https://www.percona.com/blog/why-postgresql-needs-transparent-database-encryption-tde/

One possible way TDE could be added to community Postgres is if the code
changes required were reduced due to an API redesign.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.
