"Peers MAY negotiate both Cryptex and the header extension mechanism
defined in [RFC6904] via signaling, and if both mechanisms are
supported, either one can be used for any given packet. However, if
a packet is encrypted with Cryptex, it MUST NOT also use [RFC6904]
header extension encryption, and vice versa."
To me this does not seem like only an SDP issue, but more a functional issue that should be described elsewhere in the document.