I know responding to my own comment is taboo, but I wanted to add some more nuance to the statement.
I think it's uncontroversial to say that RSA in practice is a fraught proposition. There are a lot of foot-guns that even the mainstream libraries don't protect you from, so just using RSA means you need to spend a lot of time making sure you're not using it the wrong way, and "how to use it right" isn't elegantly contained in a Stack Overflow answer anywhere. And because RSA comes with so many knobs to turn, it ends up being an extensive analysis task for the poor developer whose job is to write the code. I've been that developer.
However, if the choice is between (1) using RSA, with caveats, because the tech stack is already mostly RSA, and (2) updating the whole tech stack to ECC-based algorithms, we are not yet at the point where option #2 is always the right answer.