The attached document is an interesting deep dive into threat modeling the potential of encrypted network traffic to be malicious based on it is meta data and use of TLS. Factors, like the client that was used (Mozilla, Tor, IE, Opera, etc.,), the cipher suite that was offered (RC4, DES, 3DES, AES, etc.).
What are your thoughts on the approach outlined in the article? Do you see any chance for false positives?