[zauguin]

> To dig into this traffic, the easiest option is to use an HTTP-debugging tool (such as HTTP Toolkit) to see the raw interactions, and configure Docker to use this as your HTTP proxy (docs here) and trust the CA certificate (here).

Probably not surprising given that this is the blog of HTTP Toolkit, but instead of debugging the HTTP requests, they could have gotten much of the same information by reading the introduction of the API docs (https://docs.docker.com/registry/spec/api/#overview).

[KronisLV]

Well the implication is that:

  - there are such docs
  - you can find them
  - they won't lie to you
  - they'll be enough to give you a picture of how everything works

It's great that Docker fits this criteria, but in general tools that let you cut out a few of those steps and inspect how the actual thing is running live are also nice.

Ideally, consider using both: trust the docs, but validate regardless to have more confidence.