SRTP/DTLS to be specific instead of SRTP/SDES. In the past the keys were sent in SDP (using SDES--Security Descriptions) therefore over HTTP, but SRTP/DTLS is the way forward and in the spec.