diff --git a/acme/api/handler.go b/acme/api/handler.go
index 760b8234..6ae57ab8 100644
--- a/acme/api/handler.go
+++ b/acme/api/handler.go
@@ -297,10 +297,10 @@ func GetChallenge(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// NOTE: We should be checking that the request is either a POST-as-GET, or
-	// that the payload is an empty JSON block ({}) for non device attestation
-	// challenges. However, older ACME clients still send a vestigial body
-	// (rather than an empty JSON block) and strict enforcement would render
-	// these clients broken.
+	// that for all challenges except for device-attest-01, the payload is an
+	// empty JSON block ({}). However, older ACME clients still send a vestigial
+	// body (rather than an empty JSON block) and strict enforcement would
+	// render these clients broken.
 
 	azID := chi.URLParam(r, "authzID")
 	ch, err := db.GetChallenge(ctx, chi.URLParam(r, "chID"), azID)