Re: [PATCHES] Post-special page storage TDE support

On Fri, Dec 27, 2024 at 12:25:11PM -0500, Greg Sabino Mullane wrote:
> On Fri, Dec 27, 2024 at 10:12 AM Bruce Momjian <bruce@momjian.us> wrote:
> 
>     The value of TDE is limited from a security value perspective, but high on
>     the list of security policy requirements.  Our community is much more
>     responsive to actual value vs policy compliance value.
> 
> 
> True. The number of forks, though, makes me feel this is a "when", not "if"
> feature. Has there been any other complex feature forked/implemented by so
> many? Maybe columnar storage?

That is a great question.  We have TDE implementations from EDB,
Fujitsu, Percona, Cybertec, and Crunchy Data, and perhaps others, and
that is a lot of duplicated effort.

As far as parallels, I think compatibility with Oracle and MSSQL are
areas that several companies have developed that the community is
unlikely to ever develop, I think because they are pure compatibility,
not functionality.  I think TDE having primarily policy compliance value
also might make it something the community never develops.

I think this blog post is the clearest I have seen about the technical
value vs.policy compliance value of TDE:

    https://www.percona.com/blog/why-postgresql-needs-transparent-database-encryption-tde/

One possible way TDE could be added to community Postgres is if the code
changes required were reduced due to an API redesign.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.