There's an intersting article I found on securityfocus:
http://online.securityfocus.com/infocus/1605
This brings an interstring question: while we push for more encryption, it also makes detection with NIDSs... I guess a solution might be to favor distributed IDSs with central managment/logging. Some vendors are already pushing this but open source world doesn't seem to be catching on to this...
Ammo