"key server under the customer's control"
It looks genuinely interesting. While GCHQ/NSA/etc. may have a much easier time hacking the customer's key server and stealing the private keys, they'd have to do it individually for each customer, I assume.
Don't see how it mitigates MITM though, but maybe I am missing something - I only skimmed the "technical details" blog.