This is definitely not correct. Everything must be authenticated to the source for EDID/HDCP or the source doesn't send the data. I think you are confusing the encryption and copy protection process.
The source originates the copy protection and the devices take that data process it and responds with its answer. If that answer is correct it will send the data. This is the authentication process and the source has to know that the display(s) are compliant. This is all done on the low speed DDC channel. The source doesn't just talk to the AVR. AVRs are repeating devices and not source and sinks themselves even though they have receivers and transmitters and can decrypt and encrypt the data.
Encryption is a secret code that is encoded to the high speed data streams (TMDS channels) so it is not easily recognizable to a device that might be monitoring the data. The AVR (repeater) is allowed to decode this stream and modify it but this stream would not have been sent if the source didn't authenticate with the sink on the DDC channel. Repeaters need to be identified with the source or the source won't send the data stream.
