How is freshness achieved in DAA without compromising the main security goal (i.e., anonymity)? I think the document should explain that clearly.

Current text:
"The Join Protocol is essentially an enrollment protocol that consumes
Evidence from the Attester (therefore the mapping to the Verifier
role). Corresponding Appraisal Policies for Evidence specific to the
Join Protocol are used to produce Attestation Results to decide
whether to issue a DAA credential to an Attester or not (therefore
the mapping to the Relying Party role)."

and
"The DAA Issuer acts as the Endorser for the Group Public Key that is
used by the Verifier for the appraisal of evidence of anonymized
Attesters that use the DAA credentials and associated key material to
produce Evidence."

This seems to suggest that Endorser, Verifier, and RP entities all have to be the same entity for join and sign protocols to work. However, this seems unnecessarily complex and may not align well with actual supply chain entities.

Consider the case where a supplier manufactures 1M instances of device X and provisions a group signing key K to all the device instances. If Evidence is signed using key K, then verifiers seeking to prove integrity of evidence signed by K(private) uses K(public) contained in a certificate issued by the supplier's chosen CA.

The verifier doesn't know which of the 1M devices signed evidence with K(private). Therefore, the verifier can't collude to reveal with Attester has which Evidence. If Evidence also contains only class identifiers, then all 1M devices will produce the same evidence.

The signatures will be different, but there is no way for the verifier to distinguish which signature belongs to which attester (within the group).

This approach means the DAA Issuer need only be implemented by the Endorser role. The join protocol is implemented only by the 1M Attesters. There's no reason for verifier / RP to participate in the join protocol.