Keyless Delegation is our implementation of the emerging delegated credentials standard. When you upload a certificate for use with Keyless that has the special extension permitting the use of delegated credentials, Cloudflare will automatically produce a delegated credential and use it at the edge with clients that support this feature. The handshakes will complete without the extra latency induced by reaching back to the Keyless Server.
Currently very few clients support delegated credentials, and only a handful of certificate authorities will issue certificates with the extension. We have had success with Digicert. Firefox Nightly supports delegated credentials.