
A viable solution to big CAs is to have all sites have their certs cross-signed by at least two different CAs. Then any single CA can be revoked without affecting any sites at all.

Note that this is also how a new CA is bootstrapped: initially the certs it issues are cross-signed by some existing CA so they work even in UAs that don't have the new CA in their trust root.

The obvious drawback is that now sites need certs signed by two CAs, and getting them to use even one CA is hard enough...




I was thinking the same thing. Assuming it's technically feasible I don't see this as being a huge problem. If your site is important enough that you can't have any downtime due to a CA revocation then you spend the extra time/money up front to get cross-signed certs. If you don't care, then you just fix the problem when it comes up. If CAs start getting revoked more often then this will just become standard practice.
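
The idea discussed in this thread, as an added example that is not part of either comment: a toy path builder showing that a site certified by two CAs still validates after one CA is distrusted, and that a new CA cross-signed by an existing one validates in a UA that lacks the new root. It assumes the proposal is realised as two certificates over the same subject and key, one per issuer; all names and data are constructed, and no real signatures are checked.

```python
from collections import namedtuple

# Toy certificate: only the issuer -> subject edge is modelled, no signatures.
Cert = namedtuple("Cert", "subject key issuer")

# Constructed sample data; every name here is hypothetical.
CERTS = [
    Cert("example.test", "site-key", "CA-A"),       # site key certified by CA-A
    Cert("example.test", "site-key", "CA-B"),       # same key certified by CA-B
    Cert("single.test", "other-key", "CA-A"),       # site with a single issuer
    Cert("CA-New", "new-ca-key", "CA-A"),           # new CA cross-signed by CA-A
    Cert("new-customer.test", "cust-key", "CA-New"),
]

def find_path(subject, certs, trust_roots, distrusted=frozenset(), seen=()):
    """Return one chain [subject, ..., root] ending at a trusted root, or None."""
    if subject in distrusted or subject in seen:
        return None                      # revoked CA, or a loop in the graph
    if subject in trust_roots:
        return [subject]                 # reached a root the UA trusts
    for cert in certs:
        if cert.subject != subject:
            continue
        rest = find_path(cert.issuer, certs, trust_roots,
                         distrusted, seen + (subject,))
        if rest is not None:
            return [subject] + rest      # first issuer that leads to a root
    return None

def report(trust_roots, distrusted=frozenset()):
    """Map each end-entity site to its chain (or None) for one UA state."""
    sites = ["example.test", "single.test", "new-customer.test"]
    return {s: find_path(s, CERTS, trust_roots, distrusted) for s in sites}

if __name__ == "__main__":
    print("all roots trusted :", report({"CA-A", "CA-B", "CA-New"}))
    print("CA-A distrusted   :", report({"CA-A", "CA-B", "CA-New"}, {"CA-A"}))
    print("old UA, no CA-New :", report({"CA-A", "CA-B"}))
```
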



