Having read about strong names in .NET here, for example, I have the following question:
We have an Authenticode code signing certificate with which we sign all our EXE, DLL and MSI files. The benefit of that is that Windows knows the MSI comes from a trusted source, and also that the authenticity of each file can be verified if required.
We currently do not use .NET strong names. I have read that strong-naming a file essentially means that it is digitally signed with a self-signed certificate. My opinion on this is that an Authenticode certificate signed by a trusted certificate authority is much more valuable than a self-signed certificate whose authenticity nobody can verify anyway because they lack the root certificate (and we are not going to distribute that to end users, are we!?).
Question: Is there any value in additionally strong-naming assemblies if Authenticode signing is already used?