UCC Certificate only for related sites?
On an SSL certificate provider I get this message:
NOTE: The UCC Certificate is ideal for Communication Server, Exchange Server and other Enterprise Applications, as well as for single companies or entities with many related URLs. This Certificate is not recommended for use with sites completely separate from each other (e.g. a network provider who builds Web sites for competitors).
I just don't get why.
Can anyone share some light?
Thank you in advance.
Since a certificate valid for both companyA.com and companyB.com only has one matching private key, whoever has control of that private key can serve either host name in a way that is valid, as far as certificate validation is concerned.
This means that the server admins of companyA.com also have the responsibility for the safe-keeping of the key+cert for companyB.com (since it's the same certificate).
This can work fine if the two companies or sites are part of the same entity, but this can get quite complicated from an organisational and legal point of view if the sites are not meant to fall within the scope of the same administrative domain. This is generally not good for the accountability and administrative aspects of security.
The reason for this is because a UCC certificate has only one common name, and all the SANs (the rest of the domains on the certificate) always point back to the same common name. Many browsers make this information readily available to you, as do a variety of online tools such as http://www.sslshopper.com/ssl-checker.html. It is not recommended because it implies an association between businesses, or can look misleading to a consumer, because the domain names don't match up. It undermines the level of confidence SSL is meant to inspire, even though it is no less secure and no less technically feasible a setup.
As an outlandish example, let's say I run a business called IntimateHosting.com, and I specialize in hosting for anything to do with beds. I am a bed fanatic. Bed stores, sex toy shops, hotels, bed & breakfasts, sheet manufacturers, etc. I get one UCC for all of them. A shopper is on LuxuryHotelA.com, wants to check the security, and it turns out the common name is FeatherFetish.com (our down comforter sales site... it just happened to be the first site we set up, so it is the common name). Looking further, they see the other alternate names on the certificate are LuckyLinens.com, LuxuryHotelB.com (a direct competitor!), some seedy no-name motel that we gave a free SSL to, and of course our own name, IntimateHosting.com.
Granted, most people don't do this amount of research when they shop, but this is why it is "not recommended".
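Both answers above rest on how a client decides which host names one certificate covers: the subjectAltName dNSName entries are authoritative, the Common Name is only a label, and one private key stands behind all of them. The following added example (not part of either answer, and not taken from any library) models that matching logic in plain Python. The certificate is a constructed dict standing in for the parsed subject and SAN fields; the names companyA.com and companyB.com are taken from the first answer, and the wildcard entry and helper functions are assumptions made for the illustration.

```python
"""
Hostname-to-certificate matching for a multi-name (UCC / SAN) certificate.

Constructed example: UCC_CERT is a plain dict standing in for a parsed
certificate's subject Common Name and subjectAltName dNSName entries.
Matching follows the RFC 6125 rules browsers apply: SAN dNSName entries
are authoritative, the Common Name is consulted only when no SAN is present,
and a wildcard may replace only the entire leftmost label.
"""

from typing import Dict, Iterable, List

# Constructed UCC certificate: one key pair, one CN, several SAN dNSName entries.
# The wildcard entry is an assumption added to show single-label matching.
UCC_CERT: Dict[str, object] = {
    "common_name": "companyA.com",
    "san_dns_names": [
        "companyA.com",
        "www.companyA.com",
        "companyB.com",
        "*.companyB.com",
    ],
}


def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname, case-insensitively.

    A wildcard is accepted only as the whole leftmost label ("*.example.com"),
    matches exactly one label, and never matches the bare registered name.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject "*.com"-style patterns and any hostname with a different label count.
    if len(p_labels) < 3 or len(h_labels) != len(p_labels):
        return False
    # Leftmost label is the wildcard; every other label must match exactly.
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def cert_covers(cert: Dict[str, object], hostname: str) -> bool:
    """Return True if a browser would accept `cert` for `hostname`.

    When SAN dNSName entries exist only they are consulted and the Common Name
    is ignored; the CN is used only as a fallback for certificates without SANs.
    """
    san_names = cert.get("san_dns_names") or []
    names = list(san_names) if san_names else [str(cert["common_name"])]
    return any(_name_matches(n, hostname) for n in names)


def names_served_by_one_key(cert: Dict[str, object], hostnames: Iterable[str]) -> List[str]:
    """List which of `hostnames` the single private key behind `cert` can serve.

    Every name returned here is served by the same key, which is the
    shared-custody point the first answer raises.
    """
    return [h for h in hostnames if cert_covers(cert, h)]


if __name__ == "__main__":
    candidates = ["companyA.com", "shop.companyB.com", "companyC.com"]
    for host in candidates:
        print(f"{host:20s} covered={cert_covers(UCC_CERT, host)}")
    print("served by one key:", names_served_by_one_key(UCC_CERT, candidates))
```

Running the script shows that companyA.com and any single-label subdomain of companyB.com validate against the same certificate while companyC.com does not, which is exactly why the party holding that one private key is responsible for every listed name at once.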