Thanks, that explanation was a huge help.
Is revocation not a weakness then? Right now the media key is encrypted only once on the disc, with the device key for node 1, but if they wanted to revoke a device they'd have to include a few different copies of the media key encrypted with different device keys; is this right? So then we have a few blocks that we know will all decrypt to the same plaintext. I'm no cryptographist but this seems like a potential weakness...