I am curious, through Google research I have been learning about digital signatures and strongly named assemblies. It appears possible to use a digital signature to sign a strongly named assembly if you really try hard.
I speculate that with this practice it is possible to circumvent the purpose of a digital signature by using it this way.
Microsoft says:
"strong names in and of themselves do not imply a level of trust like that provided, for example, by a digital signature and supporting certificate."
-- http://msdn.microsoft.com/en-us/library/wd40t7ad%28v=vs.110%29.aspx
Am I correct in guessing that using a digital signature in this way is actually a bad practice, that may create a security hole and definitely serves no purpose? Or is it even possible? Is using a digital signature as the strong name possible or better then then doing nothing? Does it provide some extra security beyond using a digital signature properly.
Just splitting this up into clear bits, because I'm not quite sure what you're asking.
Is it possible to use the private key of a digital signature (e.g. Authenticode) to strongly name an assembly?
Yes, at least in theory - since all a key is is a sequence of bytes.
Would there be any point in doing so?
Since you don't need to pay for a private key for strong naming, using a paid-for digital signature to do it wouldn't make much sense, no. What you pay for is the trust associated with the digital signature. Strong naming, as Eric Lippert, Alexei, and others explained, doesn't assert trust.
Would it be a security hole if you did so anyway?
No. Whether you're digitally signing or strong naming, and no matter what private key you may use for it, all you're giving out with the assembly is the public key. A public key is meant to be public knowledge - that's the whole point of asymmetric cryptography. As long as your private key remains private, there's no hole.
ETA: I would like to see the post(s) mentioned in the question, about strong naming using an Authenticode signature (as opposed to combining the two), though.