DAA (Direct Anonymous Attestation) is not the only scheme to achieve anonymous attestation. In general, these schemes allow an entity to stay anonymous throughout the attestation process. The concern here is not the attestation but key revocation. The TPM/FIDO DAA scheme requires keeping a rogue list of compromised private keys to make revocation possible. But the assumption that a compromised device will have its private key leaked publicly is naïve. In fact, in many scenarios a hacker may not reveal a compromised key. Such a key can be used for attacks such as denial of service, etc. Since the device identity is anonymous to the service provider, there is no way for the service provider to differentiate an attacker from a genuine user.
What makes it worse is having the private key stored/protected using a hardware key store or HSM (Hardware Security Module). A hacker may have the knowledge to hack and extract the private key from an HSM using a zero-day vulnerability. However, the HSM is designed not to output the private key in plain. Therefore, even if a user acknowledges that his device is compromised, there is no way for him to inform the authority, since it is not possible to extract the private key as a normal user.
Therefore, DAA sounds like a wonderful technology but is not commercially viable? Considering the fact that the DAA scheme is already introduced in the FIDO specification, I'm curious to find out why this scheme is accepted in FIDO with the aforementioned weakness. Maybe I missed something and someone can answer it.
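The rogue-list revocation mechanism the question is about, as an added illustration that is not part of the original post: the verifier never learns which device signed, it only computes each leaked key's pseudonym for the current basename and rejects a match, so a compromised key that was never published passes every check. The group parameters, basename and key values below are constructed toy values (real DAA uses pairing-friendly elliptic curves); the function names are my own.

```python
import hashlib

# Constructed toy group (NOT production-sized): P is a safe prime, so the
# quadratic residues mod P form a subgroup of prime order Q = (P-1)/2.
P = 1019
Q = (P - 1) // 2


def hash_to_group(basename: bytes) -> int:
    """Map a basename to the order-Q subgroup by hashing, then squaring mod P."""
    h = int.from_bytes(hashlib.sha256(basename).digest(), "big") % P
    if h in (0, 1, P - 1):  # avoid the trivial elements (square to 1)
        h = 2
    return pow(h, 2, P)


def pseudonym(f: int, basename: bytes) -> int:
    """Signer side: K = H(bsn)^f. Same key + same basename gives the same K
    (linkable by that one verifier); a different basename gives an unrelated K,
    and K alone does not reveal f (discrete log), which is what keeps the
    device anonymous towards the service provider."""
    return pow(hash_to_group(basename), f, P)


def on_rogue_list(K: int, basename: bytes, rogue_keys) -> bool:
    """Verifier side: rogue tagging. Reject K iff K == H(bsn)^f_i for some
    leaked private key f_i on the list. The verifier has no other handle on
    the signer's identity, so this is the only revocation lever it has."""
    base = hash_to_group(basename)
    return any(pow(f_i, 1, Q) and pow(base, f_i, P) == K for f_i in rogue_keys)


def scenario() -> dict:
    """Three devices: one honest, one whose key leaked publicly (on the list),
    and one compromised by an attacker who kept the key private. Key values
    are constructed constants so the outcome is reproducible."""
    bsn = b"service.example"                # constructed basename
    honest, leaked, silent = 17, 123, 400    # constructed private keys f
    rogue = [leaked]                         # only the published key is listed
    return {
        "honest": on_rogue_list(pseudonym(honest, bsn), bsn, rogue),
        "leaked": on_rogue_list(pseudonym(leaked, bsn), bsn, rogue),
        "silent": on_rogue_list(pseudonym(silent, bsn), bsn, rogue),
    }


if __name__ == "__main__":
    # The "silent" compromised device is indistinguishable from "honest".
    print(scenario())  # {'honest': False, 'leaked': True, 'silent': False}
```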