By transferring I meant re-issuing automatically a new certificate, not keeping the signature. Of course this requires to re-authenticate the request. And that process has to be automated. A bit like the renewal of the certificate should also be automated.
No, existing certificates should not be reissued. We can't trust that they were issued to the rightful owner originally by the failed CA. Clients should request new certificates and validate their ownership from scratch.
Getting a certificate is an hour's work tops if you are doing the csr dance manually. If you use ACME and letsencrypt it's done in seconds.
EV certificates are more work but if this matters to you then perhaps you should source multiple certificates to begin with, or act quickly when a CA is dropped (I'm sure browser vendors will give at least a few days notice)
Edit: Maybe I misunderstood you. If you just meant that software in general should offer requesting certificates from any provider, then sure, why not just use ACME. CertBot appears to be designed with multiple providers in mind. But this doesn't really have much to do specificially with the case of CAs being dropped from the root. (At first I got the impression you wanted other CAs to "bail out" certificates from the revoked CA)
The validation requirements for 'Extended Validation' certificates can be onerous - complete with in-person ID checks, and photocopies of passports and driving licenses signed by public notaries. I'm not sure automated transfers would be possible.
I suppose you could downgrade on automatic transfer. I've heard people question the value of EV certs, and certainly a working DV cert is better than a revoked EV cert. Or you could insist every EV cert applicant verify their identity with two different CAs.
