From 50d76e6af2ee9cd25463de99064f7aa4368e467c Mon Sep 17 00:00:00 2001
From: Kegan Dougal <7190048+kegsay@users.noreply.github.com>
Date: Tue, 16 Sep 2025 09:01:25 +0100
Subject: [PATCH] Update 4354-sticky-events.md

---
 proposals/4354-sticky-events.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proposals/4354-sticky-events.md b/proposals/4354-sticky-events.md
index 69dfcdd20..7321524b7 100644
--- a/proposals/4354-sticky-events.md
+++ b/proposals/4354-sticky-events.md
@@ -323,7 +323,7 @@ implement the map-like semantics should they wish to.
 [^ttl]: Earlier designs had servers inject a new `unsigned.ttl_ms` field into the PDU to say how many milliseconds were left.
 This was problematic because it would have to be modified every time the server attempted delivery of the event to another server.
 Furthermore, it didn’t really add any more protection because it assumed servers honestly set the value.
-Malicious servers could set the TTL to be the maximum allowed time all the time, ensuring maximum divergence
+Malicious servers could set the TTL to be 0 ~ `sticky.duration_ms` , ensuring maximum divergence
 on whether or not an event was sticky. In contrast, using `origin_server_ts` is a consistent reference point
 that all servers are guaranteed to see, limiting the ability for malicious servers to cause divergence as all
 servers approximately track NTP.