Case (in)sensitivity of addresses #2206

Open
caryoscelus opened this issue Sep 22, 2019 · 7 comments

@caryoscelus
Contributor

Step 1: Please describe your environment

  • ZeroNet version: master
  • Platform: various linux distros

Step 2: Describe the problem:

Trying to load an address which coincides with a registered one up to letter case leads to weird behaviour. In particular, the page loads forever, only changing its title to the one from the original page (if it's loaded).

Steps to reproduce:

  1. take any site address
  2. load/try to load the address
  3. change case of one (or many) of its alphabetic components
  4. try to load that one

Observed Results:

There is no attempt to load the second address, the page is empty and "loads" forever

E.g. http://127.0.0.1:43110/1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3d

Expected Results:

Sites with different addresses should be independent of each other

@HelloZeroNet
Owner

The problem is that case-insensitive file systems do not allow 1Address and 1ADDRESS files/directories to exist in the same directory.
But we should show an error instead of lack of response.

@filips123
Contributor

There is a problem with using either case-sensitive or case-insensitive addresses.

Problem with using case-sensitive addresses (two addresses with different cases will be two sites):

  1. The filesystem could be case insensitive.
  2. The domain name is case insensitive (and converted to lowercase). See The domain naming scheme proposal #2087 for details on why this could be a problem.

Problem with using case-insensitive addresses (two addresses with different cases will be the same site):

  1. Bitcoin addresses are case sensitive. This means that if an address has a different case than the original, it is different from the original and may also be invalid.

@twerq

twerq commented Sep 23, 2019

Confirm. Zeronet log:
[12:45:02] - UiWSGIHandler error: TypeError: memoryview: a bytes-like object is required, not 'str' in UiServer.py line 41 > pywsgi.py line 924 > pywsgi.py line 910 > pywsgi.py line 757 > pywsgi.py line 778 > pywsgi.py line 742 > pywsgi.py line 704 > _socket3.py line 457 > _socket3.py line 45

@krzotr
Contributor

krzotr commented Sep 23, 2019

A BTC address contains a checksum in its last 4 bytes. In my opinion, we should check if an address is correct. Please check this Python code: https://rosettacode.org/wiki/Bitcoin/address_validation#Python

Validation of BTC address will prevent point 3 - change case of one (or many) of its alphabetic components
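
The checksum check described in the comment above, as an added example that is not part of the thread or of ZeroNet's code: it validates a Base58Check address and reports which single-letter case changes would still be accepted. The function names are hypothetical and the sample address is constructed from a made-up payload.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    raw = payload + checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a leading '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(addr: str) -> bool:
    n = 0
    for ch in addr:
        i = B58.find(ch)
        if i < 0:  # '0', 'O', 'I' and 'l' are not Base58 digits
            return False
        n = n * 58 + i
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Expect version byte + 20-byte hash + 4-byte checksum.
    return len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]

def case_variants(addr: str):
    """Yield every address that differs from addr in the case of one letter."""
    for i, ch in enumerate(addr):
        if ch.isalpha():
            yield addr[:i] + ch.swapcase() + addr[i + 1:]

def surviving_variants(addr: str) -> list:
    """Case variants that the checksum check would still accept."""
    return [v for v in case_variants(addr) if is_valid_address(v)]

# Constructed sample: version byte 0x00 plus a made-up 20-byte hash.
SAMPLE = b58check_encode(b"\x00" + hashlib.sha256(b"constructed sample").digest()[:20])

if __name__ == "__main__":
    print(SAMPLE, is_valid_address(SAMPLE))
    print("variants tried:", len(list(case_variants(SAMPLE))))
    print("variants accepted:", surviving_variants(SAMPLE))
    # Address quoted in the issue report above.
    print(is_valid_address("1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3d"))
```

Rejecting an address at this point, before any site directory is looked up, also gives the server a place to return an explicit error instead of a page that never finishes loading.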

@Thunder33345
Contributor

Thunder33345 commented Sep 24, 2019

Are we happy with deeming the odds of having an address collision that has just 1 capitalization difference not an issue and insignificant?
That's the biggest question here IMO
AKA what happens if a VALID REAL address with 1 capital character collides, how would we resolve said edge cases

and, can this be exploited? say loading a malicious website first, rendering the legitimate website unreachable. if possible, what are the odds and cost to perform such an attack?

@filips123
Contributor

@Thunder33345 Yes, this could happen but it is nearly impossible:

The probability that a mistyped address is accepted as being valid is 1 in 2^32, that is, approximately 1 in 4.29 billion.

(From Bitcoin Wiki)

@Thunder33345
Contributor

just for others: I did not mean mistyped?
but rather 1 capitalization difference
that's not mistyped but rather maliciously crafting a URL that has the same letters with different capitalization
but I figure the chance of matching another address would be pretty small
