[cabfperf] Recommended Max Number of SANs in a Certificate

Wayne Thayer wthayer at godaddy.com
Thu May 1 13:27:27 MST 2014


> However, in the case of #4, I do think that we can and should make a different recommendation: When the client does support SNI, then use the SNI information to select a certificate with a properly-scoped set of SANs instead of a cert with a massive number of SANs for unrelated hostnames designed for non-SNI-supporting browsers. I think such a recommendation makes sense for performance because the vast majority of clients will receive the smaller certs. But, it also makes sense for security since separate customers can be isolated from each other better (e.g. no coalescing of connections between different customers' websites) and because it reduces friction to revoking certificates (e.g. if I switch my front-end hosting from CloudFlare to something else, I'd like CloudFlare to have all certificates that include my hostname revoked).

Brian - are you aware of any servers that support this type of multi-cert configuration?

Wayne
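The following is an added illustration, not part of the thread above and not code from any server named in it. It models the multi-cert configuration Brian describes: a client that sends SNI gets the narrowly scoped certificate for that customer, while a client that sends no SNI falls back to the broad multi-SAN certificate. It also makes the isolation point concrete: an HTTP/2 client may coalesce connections for two hostnames only if the presented certificate covers both, so a broad cert shared across customers permits cross-customer coalescing where a scoped cert does not. The certificate labels, hostnames and the `CertSelector`/`make_sni_callback` helpers are constructed for this example; only `ssl.SSLContext.sni_callback` and its `(sslsocket, server_name, context)` signature are the real Python API.

```python
"""SNI-scoped certificate selection with a broad non-SNI fallback.

Added example for the cabfperf discussion; hostnames and certificate labels
below are constructed, not taken from any real deployment.
"""
from __future__ import annotations

import ssl
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Cert:
    """A certificate reduced to what selection needs: a label and its dNSName SANs."""
    label: str
    sans: FrozenSet[str]


def san_matches(san: str, host: str) -> bool:
    """RFC 6125-style name match.

    Exact match, or a single '*' as the whole leftmost label that covers
    exactly one label: '*.example.com' matches 'www.example.com' but neither
    'example.com' nor 'a.b.example.com'.
    """
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        suffix = san[1:]  # e.g. '.example.com'
        if not host.endswith(suffix):
            return False
        leftmost = host[: -len(suffix)]
        return leftmost != "" and "." not in leftmost
    return False


def cert_covers(cert: Cert, host: str) -> bool:
    """True if any SAN in the certificate is valid for the hostname."""
    return any(san_matches(san, host) for san in cert.sans)


def can_coalesce(cert: Cert, host_a: str, host_b: str) -> bool:
    """An HTTP/2 client may reuse one TLS connection for both hostnames when the
    presented certificate is valid for both (RFC 7540 section 9.1.1). A broad
    cross-customer cert therefore enables coalescing that a scoped cert prevents."""
    return cert_covers(cert, host_a) and cert_covers(cert, host_b)


class CertSelector:
    """Pick the certificate to present for a given SNI server name.

    scoped_certs: one narrowly scoped cert per customer, tried first.
    default_cert: the broad multi-SAN cert, used only when the client sent no
    SNI (server_name is None) or no scoped cert covers the requested name.
    """

    def __init__(self, default_cert: Cert, scoped_certs: List[Cert]):
        self.default_cert = default_cert
        self.scoped_certs = scoped_certs

    def select(self, server_name: Optional[str]) -> Cert:
        if not server_name:
            return self.default_cert
        # Prefer the narrowest matching certificate (fewest SANs).
        matches = [c for c in self.scoped_certs if cert_covers(c, server_name)]
        if matches:
            return min(matches, key=lambda c: len(c.sans))
        return self.default_cert


def make_sni_callback(selector: CertSelector,
                      contexts: Dict[str, ssl.SSLContext]
                      ) -> Callable[[ssl.SSLSocket, Optional[str], ssl.SSLContext], None]:
    """Build a function suitable for ssl.SSLContext.sni_callback.

    `contexts` maps each Cert.label to an SSLContext already loaded with that
    certificate and key (constructed by the deployer; not shown here). Python
    invokes the callback with server_name=None when the client sent no SNI,
    and assigning sslsocket.context swaps the certificate for the handshake.
    """
    def _callback(sslsocket: ssl.SSLSocket, server_name: Optional[str],
                  _ctx: ssl.SSLContext) -> None:
        chosen = selector.select(server_name)
        sslsocket.context = contexts[chosen.label]
        return None  # None tells Python to continue the handshake
    return _callback


# Constructed sample deployment: one broad cert for legacy non-SNI clients and
# one scoped cert per customer.
BROAD = Cert("broad-non-sni", frozenset({
    "customer-a.example", "www.customer-a.example",
    "shop.customer-b.example", "*.customer-c.example",
}))
CUSTOMER_A = Cert("customer-a", frozenset({"customer-a.example", "www.customer-a.example"}))
CUSTOMER_B = Cert("customer-b", frozenset({"shop.customer-b.example"}))
SELECTOR = CertSelector(BROAD, [CUSTOMER_A, CUSTOMER_B])

if __name__ == "__main__":
    for name in (None, "www.customer-a.example", "shop.customer-b.example", "other.example"):
        print(f"SNI={name!r:30} -> {SELECTOR.select(name).label}")
    print("broad cert permits A/B coalescing:",
          can_coalesce(BROAD, "www.customer-a.example", "shop.customer-b.example"))
    print("scoped cert permits A/B coalescing:",
          can_coalesce(CUSTOMER_A, "www.customer-a.example", "shop.customer-b.example"))
```

Running the module prints which certificate each client receives: the broad cert only for the no-SNI client and for names no scoped cert covers, the customer's own cert otherwise. The coalescing check shows the security argument from the quoted message: with the broad cert, a connection to customer A's site is also valid for customer B's hostname, while the scoped cert isolates them.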


More information about the Performance mailing list