Deegated credentials is an extremely effective method for securing TLS certificates and is in the process of being adopted as a standard by IETF.

Source: Delegated credentials: Improving TLS security – Facebook Engineering