Well, the RP must know the IP:
1. to verify the signature
2. to be sure that it is a well-known authority (the equivalent of a CA in classical crypto)
From what I understand, it is the "signature" part that handles this, and it is not clear if H is what is actually disclosed to RP or not. If it is, I don't see how RP and IP cannot cooperate, but again I might be missing something.