diff --git a/authority/config/config.go b/authority/config/config.go
index 27c4919b..0494183b 100644
--- a/authority/config/config.go
+++ b/authority/config/config.go
@@ -35,8 +35,8 @@ var (
 	// DefaultEnableSSHCA enable SSH CA features per provisioner or globally
 	// for all provisioners.
 	DefaultEnableSSHCA = false
-	// DefaultDisableSmallstepExtensions disables the Smallstep extensions in
-	// the certificate.
+	// DefaultDisableSmallstepExtensions is the default value for the
+	// DisableSmallstepExtensions provisioner claim.
 	DefaultDisableSmallstepExtensions = false
 	// DefaultCRLCacheDuration is the default cache duration for the CRL.
 	DefaultCRLCacheDuration = &provisioner.Duration{Duration: 24 * time.Hour}
diff --git a/authority/provisioner/claims.go b/authority/provisioner/claims.go
index 9cd9c42c..dcf679b3 100644
--- a/authority/provisioner/claims.go
+++ b/authority/provisioner/claims.go
@@ -115,8 +115,8 @@ func (c *Claimer) IsDisableRenewal() bool {
 	return *c.claims.DisableRenewal
 }
 
-// IsDisableSmallstepExtensions returns if the Smallstep extensions, like the
-// provisioner extension, should be excluded from the certificate.
+// IsDisableSmallstepExtensions returns whether Smallstep extensions, such as
+// the provisioner extension, should be excluded from the certificate.
 func (c *Claimer) IsDisableSmallstepExtensions() bool {
 	if c.claims == nil || c.claims.DisableSmallstepExtensions == nil {
 		return *c.global.DisableSmallstepExtensions
diff --git a/authority/provisioner/sign_options.go b/authority/provisioner/sign_options.go
index cab7aa43..782a3598 100644
--- a/authority/provisioner/sign_options.go
+++ b/authority/provisioner/sign_options.go
@@ -444,8 +444,9 @@ func newProvisionerExtensionOption(typ Type, name, credentialID string, keyValue
 	}
 }
 
-// WithControllerOptions returns the provisionerExtensionOption options from the
-// controller. Currently only the claim DisableSmallstepExtensions is used.
+// WithControllerOptions updates the provisionerExtensionOption with options
+// from the controller. Currently only the DisableSmallstepExtensions
+// provisioner claim is used.
 func (o *provisionerExtensionOption) WithControllerOptions(c *Controller) *provisionerExtensionOption {
 	o.Disabled = c.Claimer.IsDisableSmallstepExtensions()
 	return o