generatePublisherEvidence in CLR4

Question

I have an application (not my code) which suffers from slow startup on a servers not connected to internet.

From earlier experience I know about the generatePublisherEvidence in the config file and tried it here as well (after detecting some TCP connections with timeouts in process monitor).

However, in this case the application is .Net 4.5.1 and the generatePublisherEvidence's documentation page say

In the .NET Framework 4 and later, this element has no effect on assembly load time

To my surprice the load time was reduced and the TCP connection dissapeared from the log.

First I thought it was a coincidence but now I have verified the same behaviour on 2 other servers.

Can anyone explain this?

I tried to follow the links from the msdn page but could not find any information on how assembly certificates are validated and why it differs between CLR2 and CLR4.

The only guess I can come up with is that the application loads some older CLR2 assemblies and these are affected by the generatePublisherEveidence.

Answer 1

See if my answer here clarifies things a bit.

The generatePublisherEvidence element is definetely still relevant for .NET 4, even 4.7 which I was using! It is just no longer the case that without it the signature is always verified by the runtime as part of the assembly loading process, but the signature verification might still be triggered (unintentionally) at some point!