
I think it's fair.
If we must rely on secrurity certificates, we have to know they are trustworthy, if we can't know that, then we shouldn't trust them. Being able to revoke Certificate Authority when you can not trust the certificates is completely appropriate, And, the system would be even more broken than it is if we never excersize that option.
Diginotar can reissue all thier old certs, and sign them with a new cert. Pain in the butt, but that's the solution that this system accomodates.