Index calculus. Over prime fields it has seen essentially no major progress (beyond small complexity tweaks, some of which are useful) since 1992 with the number field sieve. Index calculus also exists for elliptic curves, under some conditions: once again, over prime fields things seem fine (modulo MOV, anomalous, etc curves). I suspect we will also have to drop RSA if the index calculus for prime field discrete logs ever improves significantly. Likewise, some efficient attack against P-256 or curve25519 has a good chance to eliminate most or all curves in that size range.