The PR that describes the current design of whitelisting attachments by public keys, and the proposed changes for Corda 5, can be found here: https://github.com/corda/enterprise/pull/2191.
A summary of the proposed changes:
Update the logic that establishes what attachments are trusted to remove the distinction between contract and non-contract attachments.
Ensure that no "chains of trust" can be established, i.e. only those attachments uploaded by a trusted installer can be used to check if a new attachment should be trusted (this should already be the case, so may just need a little testing)
Add some tooling to allow the operator to view precisely what attachments are trusted (further described in the PR, under "Second Phase Design"