diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 5639ad05d4..1eb2463cee 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -254,6 +254,18 @@ struct psa_key_attributes_s {
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
     psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+    /* Unlike normal buffers, there are three cases for domain_parameters
+     * and domain_parameters_size:
+     * - domain_parameters_size == SIZE_MAX && domain_parameters == NULL:
+     *   Access to domain parameters is not supported for this key.
+     *   This is a hack which should not exist, intended for keys managed
+     *   by a driver that doesn't support domain parameters.
+     * - domain_parameters_size == 0 && domain_parameters == NULL:
+     *   The domain parameters are empty.
+     * - domain_parameters_size > 0 &&
+     *   domain_parameters == valid pointer to domain_parameters_size bytes:
+     *   The domain parameters are non-empty.
+     */
     void *MBEDTLS_PRIVATE(domain_parameters);
     size_t MBEDTLS_PRIVATE(domain_parameters_size);
 };