"Once each peer has verified that the other party supports receiving
RTP packets encrypted with Cryptex, senders can unilaterally decide
whether to use the Cryptex mechanism or not."
I think it is good to point out that the decision to use Cryptex is made for each individual RTP packet, i.e., the sender might use Cryptex for some packets and might not
use Cryptex for some packets (based on whatever policy).