It's too late to edit this comment but new information leads to yet another alternative explanation: Gavin (and others) actually did witness Craig sign a message with one of Satoshi's private keys, and "verify" it on a computer controlled by Craig. Shenanigans were involved that made the phony signature appear to verify. Gavin (and others) were deceived.
