[avz]

QKD has a number of fairly well-known limitations:

* It suffers from a built-in vulnerability to denial-of-service attacks because eavesdropping destroys quantum information.

* It lacks an authentication mechanism and is vulnerable to MITM. In practice, classical protocols are used to add authentication and to protect against MITM.

* It is a hardware solution and thus expensive to deploy, upgrade and maintain.

At the same time, contrary to the usual claims of "security guaranteed by the laws of physics", its security is limited by the security of non-quantum elements of the implementation. IOW, the usual reference to the no-cloning theorem for quantum information is irrelevant because QKD uses both quantum and classical information and the latter is clonable and therefore implementations suffer from side channel leaks.

Thus, QKD is an expensive and impractical solution to a problem already solved robustly and cheaply by classical protocols. Hopefully, the hype around it fizzles out before it harms related fields with an actual promise, such as quantum computing.