Not quite inherent -- if you verify against a SubjectAltName dNSName
you can decide the certificate is valid for many domains.
Yes, this is true in theory, but I want to know how you're going
to get VeriSign to issue you a certificate with subjectAltNames
corresponding to a bunch of unrelated domains. And remember ...
Ah, that. Well, we live in different PK worlds. Yours is much larger
and more congruent to plaent earth. Mine is a bunch of science labs
and universities that nearly know each other.