Tyler Durden wrote:

> Oops. You're right. It's been a while. Both photons are not utilized, but there's a Private channel and a public channel. As for MITM attacks, however, it seems I was right more or less by accident, and the collapsed ring configuration seen in many tightly packed metro areas (where potential customers of Quantum Key Exchange reside) does indeed make such attacks much easier.
>
> Come to think of it, an intruder that was able to gain access to a CO without having to notify the public (Patriot Act) should easily be able to insert themselves into a QKE client's network and then do whatever they want to (provided, of course, they have the means to crack the 'regular' encryption scheme used to encode the bits--NSA).
>
> Which means that, should a $75K/year NSA employee want to strike it really, really rich, they'd be able to procure advance notice of any mergers/acquisition deals.

Unless someone has come up with a new wrinkle to this since I last looked, the QKE system indeed requires three channels - the key photon one, which must be optical, and a conventional comms pair (the latter of course can be substituted with any comms pair you have handy, but if you are running fibre from A to B you might as well run three). As all three require MiTM to be mounted, it would be better to have a physically diverse path for the conventional pair - but in a small city where you are patching the optical channel through the nearest exchange, this may not be practicable.

The "regular encryption scheme" (last I looked at a QKE product) was XOR....