diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 2d4c80df92..bbdd06d5ae 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -4637,6 +4637,14 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation,
                             size_t input_length);
 
 /** Get implicitly confirmed shared secret from a PAKE.
+ *
+ * At this point there is a cryptographic guarantee that only the authenticated
+ * party who used the same password is able to compute the key. But there is no
+ * guarantee that the peer is the party he claims to be and was able to do so.
+ *
+ * That is, the authentication is only implicit (the peer is not authenticated
+ * at this point, and no action should be taken that assume that they are - like
+ * for example accessing restricted files).
  *
  * This function can be called after the key exchange phase of the operation
  * has completed. It imports the shared secret output of the PAKE into the