adityasaky closed 4 years ago
We've specifically addressed the pitfalls that can occur with non-static resources and included warnings. The accepted version of the ITE can now be found at https://github.com/in-toto/ITE/blob/master/ITE/4/README.adoc.
In a review of PR #6 for ITE-4, @JustinCappos raised some important points about situations where the URIs (that the ITE describes) point to dynamic resources. The Security section of the draft highlights that care must be taken when recording dynamic contents. The suggestion is that this ITE should instead limit the use of generic URIs to static resources. I'm now working on identifying the impact this will have on some of the use cases that motivated this ITE.
Original discussion thread (for context): https://github.com/in-toto/ITE/pull/6#discussion_r395296284
cc @SantiagoTorres @trishankatdatadog @lukpueh