++1 on concept and I'll be actually doing some testing soon.
One problem is just that mod_ssl uses the default APR dbm which is the (non-optimal) sdbm. A cool fix would be to allow SSLSessionCache to pick out the underlying dbm implementation, since we have those hooks in APR anyway. But error detection/correction would be interesting because of the linked nature of those dbm libs.
As far as storage of that "private" information regarding sizes, one thought would be to place them into the APR dbm datum types... Looking into that now :)
