They can, if they're using Chrome.

We need to get away from the idea that it's unfair to recognize superior cryptography merely because it's currently only implemented in Chrome.

The grade either reflects the actual quality of a server's TLS configuration, or it reflects something else.

In any case, it's a moot point here, because ChaCha20/Poly1305 is RFC7593.

I am not completely against de-facto standards, but, in the TLS space, Chacha20/Poly1305 is not one. At this time it's mostly used only by Google/Chrome (AFAIK, no other clients support it); we'd need to see better browser support (multiple organisations) and wider server-side support before we can accept it on the basis of widespread use.

Accepting non-standard crypto is a slippery slope, which is why I'd rather take a very conservative approach.

P.S. You mean RFC 7539, which came out only a couple of days ago. Now we only need another RFC for the use in TLS.

Why exactly do we need to see other browsers support Chacha20? That's a viewpoint I imagine is shared by zero working crypto engineers; am I wrong?

They can, if they're using Chrome and the server has compiled OpenSSL from source and applied the relevant patches, linked to in the article, required for OpenSSL to support it.

Conversely, people are unlikely to be able to use chacha20 until we start encouraging its use.

Sure, but we can't encourage it's use until people can get access to server software that includes it, and openssl - and everything that links to libssl - doesn't right now.

Cloudflare implements Chacha20/Poly1305 using OpenSSL, and published their patches.

I know, that's why I linked to those patches in the article, then subsequently mentioned their existence in another response to you three hours before you wrote the above.

That doesn't change that people won't use it until it's in openssl properly and they don't have to maintain a patched version themselves.

I don't understand why a sober assessment of people's SSL implementations should account for stuff like this.

There are two options: enable the only modern native stream cipher available for TLS, and with it the only polynomial MAC that doesn't require hardware support (and thus the best polynomial MAC available for mobile devices), or don't.

The former option is superior to the latter option. The latter option is easier, but: nobody said engineering was supposed to be easy.

Either SSL Labs is evaluating the quality of TLS implementations, or they're evaluating something else. Arguments like the ones I see on this thread suggest it's "something else".

Encourage people to use a library that includes chacha20...

That's pretty reasonable, if libre or boring started using it (especially since they both have other advantages over open).