<P> Concerns about the security of calls via the public Internet have been addressed by encryption of the SIP protocol for secure transmission . The URI scheme sips is used to mandate that each hop over which the request is forwarded up to the target domain must be secured with Transport Layer Security (TLS). The last hop from the proxy of the target domain to the user agent has to be secured according to local policies . TLS protects against attackers who try to listen on the signaling link but it does not provide end - to - end security to prevent espionage and law enforcement interception, as the encryption is only hop - by - hop and every single intermediate proxy has to be trusted . </P> <P> End - to - end security may also be achieved with secure tunneling and IPsec, but most service providers that offer secure connections use TLS for securing signaling . The relationship between SIP (port 5060) and SIPS (port 5061), is similar to HTTP and HTTPS, and uses URIs in the form sips: user@example.com . The media streams, which occur on different connections to the signaling stream, may be encrypted with SRTP . The key exchange for SRTP is performed with SDES (RFC 4568), or with ZRTP (RFC 6189), which can automatically upgrade RTP to SRTP using dynamic key exchange, and a verification phrase . One may also add a MIKEY (RFC 3830) exchange to SIP to determine session keys for use with SRTP . </P>

What are two characteristics of voip network traffic