TID: Mystic BBS 1.12 A47   
   MSGID: 1:129/215 690106bb   
   REPLY: 4:900/107 c47ec2e6   
   TZUTC: -0400   
    bu> So, if PKT does NOT have password but a password is configured, it should   
    bu> detect it and NOT use it, and at least provide a warning ' PKT password   
    bu> especified for address, but PKT does not require it' (instead of saying '   
    bu> invalid pkt'... which is not real. The PKT is fine, the problem is   
    bu> something else)   
      
   There is no error that says "Invalid PKT" in the current version. If that were   
   the error message I agree it'd absolutely need to be changed!  The error   
   message is "PKT passsord does not match password set for 
".   
      
   In terms of the PKT password logic: I understand what you're saying but I am   
   not sold on changing it and let me explain why.   
      
   We cannot be sure a system connecting to you and saying its your hub is really   
   your hub, so the security provided by a PKT password is a two-way street.  In   
   other words if Mystic would ignore a missing password from an incoming PKT it   
   would create a big security hole.   
      
   Lets say for example you have a hub connection to 1:1/1 and you've configured   
   it to require a PKT password.  An unknown system connect to you and sends you   
   a PKT file "from 1:1/1" that contains 1,000,000 gibberish echomail messages.   
      
   Result 1 (Mystic today):   
      
   Mystic sees that the password you've configured for 1:1/1 does not match what   
   is in the PKT.  The PKT files are refused because Mystic cannot be sure the   
   PKT files are legit.  The error message is: "PKT password does not match   
   password set for 1:1/1"   
      
   (This message used to just be 'Bad password' but I've changed it)   
      
   Result 2 (if I changed it to not use it):   
      
   Mystic sees that the PKT does not have the password you've set up, but   
   processes it anyway.  Your BBS system is flooded with 1,000,000 gibberish   
   echomail messages from an unknown system pretending to be 1:1/1.  Your system   
   is also a hub for 10 other systems too and those 1,000,000 messages are sent   
   to the downlinks flooding the network with 11,000,000 gibberish messages.   
      
   --- Mystic BBS v1.12 A47 2021/04/01 (Windows/64)   
    * Origin: Sector 7 | Mystic WHQ (1:129/215)   
   SEEN-BY: 1/123 19/10 90/1 105/81 106/127 120/340 457 123/10 131 129/215   
   SEEN-BY: 129/305 153/757 154/10 30 40 50 700 203/0 220/80 90 221/0   
   SEEN-BY: 221/1 6 242 360 226/30 227/114 201 702 229/101 310 424 426   
   SEEN-BY: 229/452 550 664 700 981 1016 1017 230/0 240/5832 249/206   
   SEEN-BY: 249/307 317 400 280/464 5003 282/1038 292/854 301/1 317/3   
   SEEN-BY: 320/219 322/757 335/364 342/200 423/81 633/0 267 280 281   
   SEEN-BY: 633/410 412 414 416 509 640/1138 1321 1384 712/848 770/1   
   SEEN-BY: 3634/12 4500/1   
   PATH: 129/215 154/10 221/6 1 640/1384 633/280 229/426