Hi Oliver,
I ran into this problem as well and believe it's an issue with iOS, not BLE-Stack.
When the iOS device forgets the CC2540, then when it tries to write to a characteristic with permissions of GATT_PERMIT_AUTHEN_READ_WRITE the CC2540 returns an ATT_ERR_INSUFFICIENT_ENCRYPT since it still thinks it's paired with the iOS device - instead of an ATT_ERR_INSUFFICIENT_AUTHEN which it returns when it's not paired.
From what I found, iOS doesn't like the ATT_ERR_INSUFFICIENT_ENCRYPT error, and won't initiate pairing if it receives it. It will initiate pairing if it receives the ATT_ERR_INSUFFICIENT_AUTHEN though.
So to get around this I set the permissions on my characteristics to GATT_PERMIT_READ_WRITE and then manually enforce GATT_PERMIT_AUTHEN_READ_WRITE in WriteAttrCB. I then always return the ATT_ERR_INSUFFICIENT_AUTHEN error if the remote device is not authenticated or encrypted.
John
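
A sketch of the workaround described in the post above, as an added example that is not John's or TI's code. The link-state table, `set_link` and the two callback names are hypothetical stand-ins for the stack's connection state and the profile's read/write callbacks; only the ATT error values come from the Bluetooth specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* ATT error codes (values from the Bluetooth Core Specification). */
#define ATT_SUCCESS                  0x00
#define ATT_ERR_INSUFFICIENT_AUTHEN  0x05
#define ATT_ERR_INVALID_OFFSET       0x07
#define ATT_ERR_INVALID_VALUE_SIZE   0x0D

/* Hypothetical stand-in for the stack's per-connection security state. */
typedef struct { bool encrypted; bool authenticated; } link_state_t;
#define MAX_CONNS 2
static link_state_t links[MAX_CONNS];   /* constructed sample state */
static uint8_t protected_value[4];

void set_link(uint16_t conn, bool enc, bool auth) {
    if (conn >= MAX_CONNS) return;
    links[conn].encrypted = enc;
    links[conn].authenticated = auth;
}

/* The attribute is declared with open permissions, so this is the only gate. */
static bool link_is_secure(uint16_t conn) {
    return conn < MAX_CONNS && links[conn].encrypted && links[conn].authenticated;
}

/* Write callback: check security before looking at offset, length or data. */
uint8_t protected_write_cb(uint16_t conn, const uint8_t *val, uint8_t len, uint16_t offset) {
    if (!link_is_secure(conn))
        return ATT_ERR_INSUFFICIENT_AUTHEN; /* never INSUFFICIENT_ENCRYPT */
    if (offset != 0)
        return ATT_ERR_INVALID_OFFSET;
    if (len != sizeof protected_value)
        return ATT_ERR_INVALID_VALUE_SIZE;
    memcpy(protected_value, val, len);
    return ATT_SUCCESS;
}

/* Read callback: needs the same gate, or the value leaks to unpaired peers. */
uint8_t protected_read_cb(uint16_t conn, uint8_t *out, uint8_t *out_len) {
    *out_len = 0;
    if (!link_is_secure(conn))
        return ATT_ERR_INSUFFICIENT_AUTHEN;
    memcpy(out, protected_value, sizeof protected_value);
    *out_len = sizeof protected_value;
    return ATT_SUCCESS;
}
```

Because the attribute table no longer enforces the permission, every callback that touches the characteristic has to repeat the check, and it should run before any other validation.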