While my points have applied to the high speed data - and that is what I am most concerned about in this thread - what you describe here actually conflicts with what I understand about the low speed communciation, as well.

The previous link I posted ([Link: crestron.com]) describes the authentication process as working differently from how you describe. Specifically, a multi part authentication process is described when a repeater is involved, and in this process the repeater (i.e. AVR) plays an active role in gathering downstream device info and sending it back up to the source in the form of an HDCP tree that the repeater assembled.

The document also establishes that the source authenticates directly with the repeater in the first part of this process. So, again, the AVR is not just dumbly passing info back and forth, but rather creating it's own data.

If you think about it, this makes sense, since the repeater has in hand an unencrypted signal. If the source did not authenticate the repeater, that would setup the system for a breach.

Here's an excerpt from the paper:

Authentication Part 2
Part 2 of authentication only occurs if the downstream device is a repeater. The purpose of Part 2 is to inform the source of all downstream devices and the HDCP tree depth. The source uses this information to ensure that the tree topology maximums haven't been exceeded and to ensure that none of the downstream devices have been revoked by DCP.

The repeater first assembles a list of the KSVs of all downstream devices, as well as the device count and the tree depth. The repeater then passes this information up to the source. To ensure that this information hasn't been tampered with during transmission, each device takes this list, appends its secret value M0/M0' from Part 1, and calculates a SHA-1 hash of the whole thing. The transmitter reads the