Yes, that's right. To run a secp256k1 ciphersuite we'd need two things. 1. An update to the OpenMLS implementation of the MLS spec (because it can't accept custom ciphersuites at the moment). 2. An update to the OpenMLS RustCrypto library (which is the crypto traits that are needed for the OpenMLS library). OR a brand new implementation of the crypto traits. You don't need the user's main nsec for much in how the NIP_104 spec is written. There is a need to sign a few events but not many and nothing that is inside the MLS stuff.
Does 2 need to come first?
Is anyone actively working on implementing this yet?