This unwillingness may indicate a lack of competency, complacency as a market leader, or complicity with censoring regimes.
How f difficult is it to sign a zone?
DNSSEC isn't perfect (indeed it only provides assurances of record integrity and doesn't secure the channel); but it's certainly better than nothing, than no signature at all.
If route53 can't or won't or doesn't have to because they don't want to implement DNSSEC, route53 is not suitable for .gov and .mil domains.
It's really that simple.
I get that you want to use terraform; I don't see why you think route53 is the only DNS that terraform works with.
How f difficult is it to sign a zone?
DNSSEC isn't perfect (indeed it only provides assurances of record integrity and doesn't secure the channel); but it's certainly better than nothing, than no signature at all.
If route53 can't or won't or doesn't have to because they don't want to implement DNSSEC, route53 is not suitable for .gov and .mil domains.
It's really that simple.
I get that you want to use terraform; I don't see why you think route53 is the only DNS that terraform works with.