
That's fair, but it seems to me they could've done it differently -- require a signature from the clients but allow them to produce an unbounded number of valid unique signatures that are securely but anonymously tied to the client TPM. In other words the client would still be able to present a validated anonymized identity, but would not be able to generate someone else's signatures, and private-key-based revocation could still be available to deal with rogue TPMs.

