BTW, the idea that the content is sent on the TMDS stream free and clear of encryption just because the sink was pre-authenticated would not really make for a robust content protection system. This would allow for a "man in the middle" attack. I wouldn't think the industry would have gone for such a solution.

In other words, my understanding of the DCP paper makes sense to me intuitively. This is another reason I feel compelled to clarify and verify these points.