diff --git a/README.md b/README.md
index e9f660e7..ca926905 100644
--- a/README.md
+++ b/README.md
@@ -30,11 +30,13 @@ Secrets App supports the following features:
 - Touch-button protected use per credential.
 
 The pynitrokey library can be used to communicate with this application over CTAPHID, and nitropy provides the CLI using
-it.
+it. See [ctaphid.md](docs/ctaphid.md) for the details.
 
 CCID transport is also available, and while not supported in the mentioned library yet, it can be potentially used by
 the protocol-compatible applications, like the mentioned KeepassXC.
 
+See [design.md](docs/design.md) for the UX design choices.
+
 [RFC4226]: https://www.rfc-editor.org/rfc/rfc4226
 
 [RFC6238]: https://www.rfc-editor.org/rfc/rfc6238
diff --git a/docs/design.md b/docs/design.md
index 61a1edc4..53aac6cd 100644
--- a/docs/design.md
+++ b/docs/design.md
@@ -20,3 +20,6 @@ malware threats by incorporating physical user presence confirmation for critica
 | Secrets App Next (TBD) | (no changes)                                                                                                                                                                                                                      |
 
 
+Other:
+- do not allow to overwrite credentials - always require explicit deletion of the credential with the same name
+- remove YKOATH protocol compatibility, specifically authentication through challenge-response
\ No newline at end of file