Actually, I think it would work if there was just one OP_OP_ENABLE that takes a list of many opcodes to enable. If the node can't understand any of these opcodes, then it stops here. If it does understand all of the opcodes, it also needs to verify the transaction again as though it doesn't understand them, and this "legacy" verification must also pass.
The bootstrap needs to be changed slightly.
A script that uses the new protocol will have the following format
<legacy script> OP_0 OP_IF <byte array containing extended script> OP_ENDIF
Legacy clients will just process the legacy script. As far as they are concerned the the rest of the script means the following.
push false onto the top of the stack
if the top value on the stack is true
push a byte array onto the stack
New nodes will verify the script as if they were legacy clients and then verify the script as if it was
<legacy script> <script contained in the byte array>
This will prevent new nodes from allowing any transactions that would be rejected by nodes without an understanding of new opcodes. Then it should be safe as long as clients using new opcodes control the network.
Exactly. Old client miners might end up creating a few blocks that are invalid, but if 99% of the network refuses to build on them, then they will be discarded.
It might be a better method of changing things than the currently-planned method.
Do you mean the original post, or are their other proposals?