J. Alex Halderman has post the promised details in the series of explorations of AACS over at Freedom to Tinker. I am a bit surprised by the sophistication this seems to suggestion was designed into AACS. I guess the content industry learned their lesson with CSS and DeCSS. I wonder if, like RFID security, any vendors are provably cheaping out and not not issue as many unique device keys as the black listing scheme would ideally require to not be a nuisance to consumers.
The next installment promises to explore the issues of a decryption oracle and traitor tracing, both terms that are new to me yet fascinating. No references to them in Applied Cryptography, anyway.