It would be nice to provide a specific tool (ie. ringtool) to allow operators to perform safe ring membership operations (CASSANDRA-16139) such as removing failed nodes, aborting failed ring update proposals, adding or removing tokens to a host, moving tokens etc.
While we could provide this functionality via nodetool as done currently, I think it would be better to have an exclusive tool for this to separate concerns. Furthermore we can add specific permissions to this tool that are different from nodetool to allow only authorized operators to perform ring membership changes.
We should support the current methods available on nodetool (such as nodetool move, nodetool join, nodetool bootstrap resume, etc) and deprecate them on nodetool asking users to use the new tool moving forward.