My proposal would indeed bloat the block chain, and therefore a prerequisite would be appropriate transaction pruning - something already being discussed by the devs.  It would also require deterministic wallets in the main client, otherwise a wallet backup would expire very quickly as all of the addresses are used up for this purpose.  So for now, my proposal is totally premature for implementation - it just won't be for much longer.

Your "transaction-intent" proposal would work really well, other than that it would be very easy to disrupt.  The Achilles heel is that until ALL of the signatures are provided, the entire transaction is invalid.

If every Bitcoin transaction were made by soliciting an offer to combine it with somebody else's transaction and a protocol were devised to coordinate this, transaction processing on the entire Bitcoin network could be brought to a halt just by somebody writing a bot that pretends to cooperate for as long as possible, but refuses to actually sign any transactions... and then running a few dozen instances of that bot.

A few dozen instances of such a bot would make detection and exclusion of the bot impossible, because they would cooperate and sign transactions most of the time, but each one would take turns disrupting a whole distributed transaction, letting a different bot instance do the job of disrupting each separate attempt.  Sort of like colluding in online poker.