Hi, "sip:alice@domain.org" is registered in Kamailio. If the proxy receives a request for "sips:alice@domain.org" and invokes "lookup(location)" the function doesn't retrieve the registration of alice. But it should:
RFC 5630 section 3.3:
When used as the Request-URI of a request, the SIPS scheme signifies that each hop over which the request is forwarded, until the request reaches the SIP entity responsible for the domain portion of the Request-URI, must be secured with TLS; once it reaches the domain in question it is handled in accordance with local security and routing policy, quite possibly using TLS for any last hop to a UAS. When used by the originator of a request (as would be the case if they employed a SIPS URI as the address- of-record of the target), SIPS dictates that the entire request path to the target domain be so secured.
Note the last phrase:
When used by the originator of a request (as would be the case if they employed a SIPS URI as the address- of-record of the target), SIPS dictates that the entire request path to the target domain be so secured.
This is, the entire path *until* the proxy responsible for the domain in the RURI must be secure (TLS) but it's not required (local policy) that the destination proxy dellivers the request to the destination user using TLS.
So IMHO lockup(location) should not inspect the registration schema. Am I wrong?