The concept of splitting keys is fine. But I have never seen a proposition that actually works and is at least as safe as having just one key everywhere. Once multiple keys are at play there are lots of new attacking possibilities, especially on the social engineering side.
Discussion
I don't follow. My proposed NIP-102 uses one key to attest other keys, so it could be cold and offline. If one gets lost, you disavow it the same as NIP-22, and issue a new one. Your friends don't need to validate the rotation though.
That's not how nostr works. The key's friends will still be following the old key regardless of your "disavowing". Their clients must each implement your thing and help that user migrate to the new one. Until then, they are following the old one not knowing anything about the change.
Which means that your user will inevitably have to declare the key as stolen in a regular kind1 and ask people to manually migrate to the new key, which duplicates the work and thus defeats the purpose of any automated system or key migration.
Not really? Think of session management: there are many session tokens for one user. You use your credentials once to get a new credential with the same authority as the password, but if it is stolen it can be revoked without compromising your password. All operations behave as if the session token is the same as the root identity, and the only work that happens when a session is disavowed is that messages signed by the session should be deleted.