1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
Return-Path: <indolering@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 4CDDBB93
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 17 May 2017 17:01:46 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-oi0-f54.google.com (mail-oi0-f54.google.com
[209.85.218.54])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D16251F9
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 17 May 2017 17:01:45 +0000 (UTC)
Received: by mail-oi0-f54.google.com with SMTP id h4so23176609oib.3
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 17 May 2017 10:01:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:sender:from:date:message-id:subject:to;
bh=mJDbXatVrdNQCqkwk5L668t6r0UoCkzUPoSe4z2wqo4=;
b=GAHSqkKJsyqoENk1atuq5soDg7pzbGrF99Oavw6LvbhMVhtd9+WHISlnB0CAahdYC6
Mewk5KPFa+A3q2jLoJSGo9P9CPFD7BTOS3O70GlUjpLBZGlaluoOyUqv7bFAcP4P4jOE
2lrFcLGzMpQjENV8ak6B7kiNxoDBKq/6TZwndgzkEXxNAMea2pjBD7Gimm2HnBjtdKtT
xj3TzhVybFjLY4De87EOAHfr+AvKi/VQN79IZi4FS+DcU1gUouEDfO+xb/3udQCWp6mJ
6XPoSHDwLlWn/kdOnh8cf6XQfLntL7Vvm/bIpco/C+2XYmtTO7QAlU24oGfZhsRI9XBk
PJzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
:to; bh=mJDbXatVrdNQCqkwk5L668t6r0UoCkzUPoSe4z2wqo4=;
b=mof36gPNb9lHdviIOxKUgwBw3Ckq3xU0JJ88TmXHLGR+HTq4FDcNVGBKHBPfom2rwq
WeD/dHx223bG8ORZ98UFaXNjJD0FCOupbwt2vo3PeSR5Zm/O2IDZWxHkvt0jxv4lOfGD
t+cTgX7u9DyRBEnq4W+LzE4wrHRaX4mL7egRFO/bw3QONSFHI1oocu9bi3fRgBrB1WO1
abmh47b+ptO5+y32v4ok96wylclpayZDwNT5ENvH++EdJsvEilzxUOy2fFrjvY1QSO13
smZ1/Djl2EKgzENsxpsOMw7P9/B7DU027P/5RKVI+IPUi4j9jDeeCLCN3XdykmNKrBPT
baEA==
X-Gm-Message-State: AODbwcAj2Ij0yViCLUYR29OvuaPtdOAXIVdr8A95oP6ZJx7bWIGGxRdX
a8swzTyLfARwgiZB9CH9XbXRnGt9E4Dm7IU=
X-Received: by 10.202.199.69 with SMTP id x66mr2066027oif.215.1495040504846;
Wed, 17 May 2017 10:01:44 -0700 (PDT)
MIME-Version: 1.0
Sender: indolering@gmail.com
Received: by 10.202.175.76 with HTTP; Wed, 17 May 2017 10:01:04 -0700 (PDT)
From: Zach Lym <zachlym@indolering.com>
Date: Wed, 17 May 2017 10:01:04 -0700
X-Google-Sender-Auth: leL8hFGTwCbunrBDWUagxgQviRc
Message-ID: <CABWuLVf6zUhyTSDkXv26WqUE43q7PHqtOtfm5SNs_LkbmGt9dQ@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: multipart/alternative; boundary="001a11c1866637618f054fbb3e45"
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE,
RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 17 May 2017 17:14:14 +0000
Subject: [bitcoin-dev] BIP39 (mnemonic seeds) Unicode normalization
compatibility issue
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 17 May 2017 17:01:46 -0000
--001a11c1866637618f054fbb3e45
Content-Type: text/plain; charset="UTF-8"
I am working on a replacement for BIP39 and noticed that the password
section mandates a Unicode normalization pass but does not prohibit
unassigned character points.
I believe that this is problematic as newer drafts of Unicode alter the
output of normalization passes. So if a user assigned a password using a
wallet that linked to Unicode 9 but input a code point reserved in Unicode
10, updating the wallet to Unicode 10 could incorrectly remap that code
point [0].
Thank you,
-Zach Lym
P.S. The relevant RFC on this subject specifies a different normalization
procedure [1]
[BIP39]: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
[0]: http://unicode.org/reports/tr15/#Stabilized_Strings
[1]: https://tools.ietf.org/html/rfc7564
--001a11c1866637618f054fbb3e45
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div style=3D"font-size:12.8px">I am working on a replacem=
ent for BIP39 and noticed that the password section mandates a Unicode norm=
alization pass but does not prohibit unassigned character points.</div><div=
style=3D"font-size:12.8px"><br></div><div style=3D"font-size:12.8px">I bel=
ieve that this is problematic as newer drafts of Unicode alter the output o=
f normalization passes.=C2=A0 So if a user assigned a password using a wall=
et that linked to Unicode 9 but input a code point reserved in Unicode 10, =
updating the wallet to Unicode 10 could incorrectly remap that code point [=
0].</div><div style=3D"font-size:12.8px"><br></div><div style=3D"font-size:=
12.8px"><div class=3D"gmail-m_1049847864337342968gmail_signature">Thank you=
,<div>-Zach Lym</div><div><br></div><div>P.S.=C2=A0<span style=3D"font-size=
:12.8px">The relevant RFC on this subject specifies a different normalizati=
on procedure [1]</span></div><div><br></div><div>[BIP39]:=C2=A0<a href=3D"h=
ttps://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki" target=3D"_b=
lank">https://github.com/<wbr><span class=3D"gmail-il">bitcoin</span>/bips/=
blob/master/bip-<wbr>0039.mediawiki</a><br></div><div>[0]:=C2=A0<a href=3D"=
http://unicode.org/reports/tr15/#Stabilized_Strings" target=3D"_blank">http=
://unicode.org/<wbr>reports/tr15/#Stabilized_<wbr>Strings</a></div><div>[1]=
:=C2=A0<a href=3D"https://tools.ietf.org/html/rfc7564" target=3D"_blank">ht=
tps://tools.ietf.org/<wbr>html/rfc7564</a></div></div></div>
</div>
--001a11c1866637618f054fbb3e45--
|
