diff --git a/synapse/federation/federation_base.py b/synapse/federation/federation_base.py
index 0bff8686e0f99ebf4b1365313a6daae346c54cb6..a400091db7252f6b2204437dd333019f62eb4c9d 100644
--- a/synapse/federation/federation_base.py
+++ b/synapse/federation/federation_base.py
@@ -227,9 +227,7 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
 
     # we want to check that the event is signed by:
     #
-    # (a) the server which created the event_id
-    #
-    # (b) the sender's server.
+    # (a) the sender's server
     #
     #     - except in the case of invites created from a 3pid invite, which are exempt
     #     from this check, because the sender has to match that of the original 3pid
@@ -243,6 +241,8 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
     #     and signatures are *supposed* to be valid whether or not an event has been
     #     redacted. But this isn't the worst of the ways that 3pid invites are broken.
     #
+    # (b) for V1 and V2 rooms, the server which created the event_id
+    #
     # let's start by getting the domain for each pdu, and flattening the event back
     # to JSON.