Does KRACK mean that wifi cafes will never be safe again?
This is based on the false assumption that Wi-Fi cafes were ever safe. That is simply a false assumption.
So if the client is patched, what if you don't know whether the WAP is or isn't? Doesn't this mean that one can never trust anonymous wifi cafes again, since there's no way to know whether they've patched their WAPs?
Public Wi-Fi is often open (i.e. no encryption) or uses a PSK that is distributed to all customers. Not saying there aren't some using WPA2-Enterprise, but I personally haven't seen any.
KRACK creates an opportunity to determine the WPA/WPA2 PTK/GTK so traffic can be decrypted and possibly manipulated by an attacker. If your client is patched, this will significantly limit what the attacker can see or do.
With Open Wi-Fi you have no encryption. With PSK (where the attacker also knows the PSK and can capture the 4-way handshake), you don't have reliable encryption because anyone around has the capability to decrypt your traffic. Either case presents an easy opportunity for an attacker to create a MitM situation. In other words, you are already totally exposed and are not safe in any sense; all before KRACK was ever found or publicized.
The only way that KRACK might make such public Wi-Fi more vulnerable is if the site is using WPA2-Enterprise (i.e. setting up usernames/passwords for clients). But if a site is putting that much effort into providing secure access for customers, then odds are good they will put the effort into patching it as well.
End result though is still the same. Public Wi-Fi shouldn't be considered safe.