That's great! Let me know if you guys need a sounding board for this.
It occurred to me in the Advanced Design forum where I saw someone asking about a layer 2 forwarding virtual server and SSL offload -- a CLIENT_HANDSHAKE_INIT event would be an interesting place to switch clientSSL profiles _and_ pool assignments on the fly based on either SNI _or_ the destination IP address; letting you switch the SSL cert _and pool_ presented based on either item. That could be useful when inserting ASM in the route path in front of an _existing_ secure web server network.