Lower layer protocols may eventually provide all the security
services that may be desired for applications of RTP, including
authentication, integrity, and confidentiality. These services have
recently been specified for IP. Since the need for a confidentiality
service is well established in the initial audio and video
applications that are expected to use RTP, a confidentiality service
is defined in the next section for use with RTP and RTCP until lower
layer services are available. The overhead on the protocol for this
service is low, so the penalty will be minimal if this service is
obsoleted by lower layer services in the future.
Alternatively, other services, other implementations of services and
other algorithms may be defined for RTP in the future if warranted.
The selection presented here is meant to simplify implementation of
interoperable, secure applications and provide guidance to
implementors. No claim is made that the methods presented here are
appropriate for a particular security need. A profile may specify
which services and algorithms should be offered by applications, and
may provide guidance as to their appropriate use.
Key distribution and certificates are outside the scope of this