End-to-end security may also be achieved with secure tunneling and IPsec , but most service providers that offer secure connections use TLS for securing signaling. The relationship between SIP (port 5060) and SIPS (port 5061), is similar to HTTP and HTTPS, and uses URIs in the form sips:user@ . The media streams, which occur on different connections to the signaling stream, may be encrypted with SRTP . The key exchange for SRTP is performed with SDES ( RFC 4568 ), or with ZRTP ( RFC 6189 ), which can automatically upgrade RTP to SRTP using dynamic key exchange, and a verification phrase. One may also add a MIKEY ( RFC 3830 ) exchange to SIP to determine session keys for use with SRTP.