maybe it is not that kamailio related question, but I dont know any other place with such good voip professionals ;) I have kamailio and mediaproxy. Clients are BudgetTone 200 (Grandstream) and CSipSimple. I am forcing clients to use SRTP but it does not support adding any certificate on both sides. SRTP call is working fine.

The question is, in this case, is man-in-the-middle attack possible? Maybe I should study SRTP more, but basically, if there are no certificates, there is no method how to be 100% sure that the media goes directly between clients. Is it true?