I've read this claim in many places and had people tell me this directly, but I haven't been able to find a conclusive answer about the full list of reasons why a Strong Name can't be used for security.
I understand the intention of the Strong Name feature is identification rather than security but I'm looking for an explanation of any security problems that can be caused by using Strong Naming for security.
I'd like to know:
What I'm not looking for:
The reason people tell you not to use strong naming for security (I assume you mean integrity checking) is that it no longer works.
Since .NET 3.5 SP1, the .NET assembly loader does not validate the integrity of strong name assemblies anymore. If you want to prevent assemblies from being modified on disk, you'll have to use Authenticode.
These links describe the changes, exceptions and the reasons behind it (startup speed):