It would probably be a good idea for the SDP to include a=tls-id, defined in https://datatracker.ietf.org/doc/html/rfc8842, to ensure endpoints can tell when the security handshake is being restarted, as discussed in the cited RFC. This would probably obivate the need for a=connection:new as well (which is not typically used in DTLS-SRTP).
From @juberti, on the AVTCORE mailing list: